OkHttp testing fixes for SSLEngine, verify callback, session handling, and trust manager

Author: JeremiahM37

src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java

@@ -765,7 +765,7 @@ protected void updateTimeouts(int in, int side) {
                     diff = (now - current.creation.getTime()) / 1000;
 
                     if (diff < 0) {
-                    /* session is from the future ... */ /* TODO */
+                    /* session is from the future ... TODO */
 
                     }
 

src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java

@@ -321,8 +321,7 @@ protected synchronized void cacheRequestedServerNamesFromNetData() {
         List<SNIServerName> names;
         WolfSSLImplementSSLSession session;
 
-        if (this.engineHelper == null ||
-            this.engineHelper.getUseClientMode()) {
+        if (this.engineHelper == null || this.engineHelper.getUseClientMode()) {
             return;
         }
 
@@ -354,7 +353,8 @@ private List<SNIServerName> parseRequestedServerNamesFromNetData() {
         List<SNIServerName> names;
 
         synchronized (netDataLock) {
-            if (this.netData == null || this.netData.remaining() < 5) {
+            if (this.netData == null ||
+                this.netData.remaining() < TLS_RECORD_HEADER_LEN) {
                 return null;
             }
             in = this.netData.asReadOnlyBuffer();
@@ -1199,8 +1199,7 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length)
                 default:
                     /* Throw SSLHandshakeException if handshake not finished */
                     if (!this.handshakeFinished) {
-                        SSLHandshakeException hse =
-                            new SSLHandshakeException(
+                        SSLHandshakeException hse = new SSLHandshakeException(
                             "SSL/TLS handshake error in read: " + ret +
                             " , err = " + err);
                         if (this.engineHelper != null) {
@@ -1235,11 +1234,13 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length)
                 /* Copy from intermediate buffer to output bufs */
                 for (i = 0; i < ret;) {
                     if (idx + ofst >= length) {
+                        /* no more output buffers left */
                         break;
                     }
 
                     bufSpace = out[idx + ofst].remaining();
                     if (bufSpace == 0) {
+                        /* no more space in current out buffer, advance */
                         idx++;
                         continue;
                     }
@@ -1450,13 +1451,15 @@ else if (hs == SSLEngineResult.HandshakeStatus.NEED_WRAP &&
                          * report bytesConsumed() == 0. DTLS still
                          * relies on the native WANT_READ path. */
                         boolean bufferUnderflow = false;
-                        if (inRemaining > 0 &&
-                            (this.ssl.dtls() == 0)) {
+                        if (inRemaining > 0 && (this.ssl.dtls() == 0)) {
                             synchronized (netDataLock) {
                                 int pos = in.position();
                                 if (inRemaining < TLS_RECORD_HEADER_LEN) {
+                                    /* Not enough for TLS record header */
                                     bufferUnderflow = true;
                                 } else {
+                                    /* Peek at record length from header
+                                     * bytes 3-4 (big-endian) */
                                     int recLen =
                                         ((in.get(pos + TLS_RECORD_LEN_HI_OFF)
                                             & 0xFF) << 8) |
@@ -1482,8 +1485,7 @@ else if (hs == SSLEngineResult.HandshakeStatus.NEED_WRAP &&
                                 for (int pos = 0;
                                         pos < this.pendingAppDataLen;) {
                                     if (idx2 + ofst >= length) break;
-                                    int space =
-                                        out[idx2 + ofst].remaining();
+                                    int space = out[idx2 + ofst].remaining();
                                     if (space == 0) { idx2++; continue; }
                                     int sz2 = Math.min(space,
                                         this.pendingAppDataLen - pos);
@@ -1537,8 +1539,7 @@ else if (inRemaining > 0 &&
                                     in.position(inPosition);
                                 }
                                 produced = 0;
-                                status =
-                                    SSLEngineResult.Status.BUFFER_OVERFLOW;
+                                status = SSLEngineResult.Status.BUFFER_OVERFLOW;
                             }
                             else {
                                 /* Check for BUFFER_OVERFLOW status. This can
@@ -1657,9 +1658,8 @@ else if (ret < 0 &&
                                     "SSL/TLS handshake error, ret:err = " +
                                     ret + " : " + err);
                                 if (this.engineHelper != null) {
-                                    Exception verifyEx2 =
-                                        this.engineHelper
-                                            .getLastVerifyException();
+                                    Exception verifyEx2 = this.engineHelper
+                                        .getLastVerifyException();
                                     if (verifyEx2 != null) {
                                         hse2.initCause(verifyEx2);
                                     }

src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java

@@ -866,8 +866,7 @@ private boolean isTls13CipherSuite(String suite) {
         }
 
         return suite.startsWith("TLS_AES_") ||
-            suite.startsWith("TLS_CHACHA20_") ||
-            suite.startsWith("TLS_SM4_");
+            suite.startsWith("TLS_CHACHA20_") || suite.startsWith("TLS_SM4_");
     }
 
     private String[] getEffectiveProtocolsForCiphers(String[] protocols,
@@ -948,8 +947,7 @@ else if ("TLSv1.2".equals(proto) || "DTLSv1.2".equals(proto) ||
         return protocols;
     }
 
-    private void applyConfiguredCipherProtocolSettings()
-        throws SSLException {
+    private void applyConfiguredCipherProtocolSettings() throws SSLException {
 
         String[] suites;
         String[] protocols;
@@ -1081,8 +1079,7 @@ private void setLocalServerNames(SSLEngine engine) {
         /* SSLEngine(host, port) should send SNI by default if no explicit
          * server names were configured and SNI extension is enabled. */
         boolean isEngineConnectionWithHost = this.clientMode &&
-                engine != null &&
-                this.hostname != null &&
+                engine != null && this.hostname != null &&
                 this.params.getServerNames() == null;
 
         /* Enable SNI if explicitly requested via property, if

src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java

@@ -1136,8 +1136,7 @@ public synchronized List<SNIServerName> getRequestedServerNames()
         byte[] sniRequestArr = null;
 
         if (this.ssl == null) {
-            if (this.sniServerNames != null &&
-                !this.sniServerNames.isEmpty()) {
+            if (this.sniServerNames != null && !this.sniServerNames.isEmpty()) {
                 return Collections.unmodifiableList(
                     new ArrayList<SNIServerName>(this.sniServerNames));
             }

src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java

@@ -310,8 +310,7 @@ else if (sock != null) {
             }
         } catch (Exception e) {
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                () -> "Hostname verification error: " +
-                e.getMessage());
+                () -> "Hostname verification error: " + e.getMessage());
             this.verifyException = e;
             return 0;
         } finally {
@@ -545,29 +544,47 @@ public int verifyCallback(int preverify_ok, long x509StorePtr) {
         }
 
         /* If server-side application has explicitly disabled client
-         * authentication, return as success and skip X509TrustManager
-         * verification */
+         * authentication (neither needClientAuth nor wantClientAuth set),
+         * return as success and skip X509TrustManager verification. */
         if ((!this.clientMode) && (this.params != null) &&
-            (!this.params.getNeedClientAuth())) {
+            (!this.params.getNeedClientAuth()) &&
+            (!this.params.getWantClientAuth())) {
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                () -> "Application has disabled client verification with " +
-                "setNeedClientAuth(false), skipping verification");
+                () -> "Application has disabled client verification " +
+                "(needClientAuth=false, wantClientAuth=false), " +
+                "skipping verification");
             return 1;
         }
-        else if ((preverify_ok == 1) && (x509certs.length == 0) &&
+        else if ((x509certs.length == 0) &&
             (!this.clientMode) && (this.params != null) &&
             this.params.getWantClientAuth() &&
             (!this.params.getNeedClientAuth())) {
-            /* If native wolfSSL verification has passed, and we have no peer
-             * certificates, if application has set client authentication be
-             * requested (wantClientAuth == true), but not fatal if no
-             * certificate was sent (needClientAuth == false), don't call
-             * TrustManager with empty certificate chain just consider
-             * verification successful at this point */
+            /* No peer certificates sent and client authentication is
+             * optional (wantClientAuth == true, needClientAuth == false).
+             * Don't call TrustManager with empty certificate chain,
+             * just consider verification successful. Don't require
+             * preverify_ok == 1 here since native wolfSSL may report
+             * failure when no CAs are loaded (foreign TrustManager). */
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                 () -> "No client cert sent and client auth marked optional, " +
                 "not calling TrustManager for hostname verification");
         }
+        else if ((!this.clientMode) && (this.params != null) &&
+            this.params.getWantClientAuth() &&
+            (!this.params.getNeedClientAuth())) {
+            /* wantClientAuth is set and client sent a certificate.
+             * Try to verify via TrustManager, but don't fail the
+             * handshake if verification fails — wantClientAuth means
+             * verification failure is non-fatal (JSSE contract). */
+            if (VerifyCertChainWithTrustManager(x509certs, authType)) {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "wantClientAuth: client cert verified successfully");
+            } else {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "wantClientAuth: client cert verification failed, " +
+                    "continuing handshake (non-fatal)");
+            }
+        }
         else {
             /* Poll X509TrustManager / X509ExtendedTrustManager for certificate
              * verification status. Returns 0 if certificates are rejected,

src/java/com/wolfssl/provider/jsse/WolfSSLSessionContext.java

@@ -91,8 +91,7 @@ public SSLSession getSession(byte[] sessionId) {
                 /* Native session may have been freed already */
             }
         }
-        WolfSSLImplementSSLSession session =
-            store.getSession(sessionId, side);
+        WolfSSLImplementSSLSession session = store.getSession(sessionId, side);
         if (session == null) {
             return null;
         }

src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java

@@ -335,6 +335,77 @@ private X509Certificate findRootCAFromKeyStoreForCert(X509Certificate cert,
         return null;
     }
 
+    /**
+     * Find the actual issuer of a certificate from the KeyStore by checking
+     * both subject DN match and signature verification. This handles the case
+     * where multiple CA certificates share the same subject DN (e.g.,
+     * cross-signed roots with the same CN but different key pairs).
+     *
+     * @param cert Certificate whose issuer we want to find
+     * @param ks KeyStore containing trusted CA certificates
+     *
+     * @return The CA certificate that actually signed cert, or null if not
+     *         found
+     */
+    private X509Certificate findIssuerBySignature(X509Certificate cert,
+        KeyStore ks) {
+
+        if (cert == null || ks == null) {
+            return null;
+        }
+
+        X500Principal issuerDN = cert.getIssuerX500Principal();
+        if (issuerDN == null) {
+            return null;
+        }
+
+        try {
+            Enumeration<String> aliases = ks.aliases();
+            while (aliases.hasMoreElements()) {
+                String alias = aliases.nextElement();
+                X509Certificate candidate = null;
+
+                if (ks.isKeyEntry(alias)) {
+                    java.security.cert.Certificate[] chain =
+                        ks.getCertificateChain(alias);
+                    if (chain != null && chain.length > 0) {
+                        candidate = (X509Certificate) chain[0];
+                    }
+                } else {
+                    java.security.cert.Certificate c =
+                        ks.getCertificate(alias);
+                    if (c instanceof X509Certificate) {
+                        candidate = (X509Certificate) c;
+                    }
+                }
+
+                if (candidate == null) {
+                    continue;
+                }
+
+                /* Check subject DN matches cert's issuer DN */
+                if (!candidate.getSubjectX500Principal().equals(issuerDN)) {
+                    continue;
+                }
+
+                /* Verify the signature to confirm this is the actual issuer,
+                 * not just a CA with the same subject DN */
+                try {
+                    cert.verify(candidate.getPublicKey());
+                    return candidate;
+                } catch (Exception e) {
+                    /* Signature didn't match, try next candidate */
+                }
+            }
+        } catch (KeyStoreException e) {
+            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                () -> "KeyStoreException in findIssuerBySignature: " +
+                e.getMessage());
+        }
+
+        return null;
+    }
+
     /**
      * Verify cert chain using WolfSSLCertManager.
      * Do all loading and verification in one function to avoid holding native
@@ -404,7 +475,13 @@ private List<X509Certificate> certManagerVerify(
          * Similarly to native wolfSSL WOLFSSL_ALT_CERT_CHAINS behavior: if a CA
          * certificate cannot be verified, we skip it and continue building
          * the chain through other certificates. This allows handling of
-         * cross-signed certificates and extra certificates in the chain. */
+         * cross-signed certificates and extra certificates in the chain.
+         *
+         * When verification fails for a CA cert, we also try to find its
+         * actual issuer in the KeyStore by signature verification. This
+         * handles the case where multiple CAs share the same subject DN
+         * (e.g., cross-signed roots) and the native CA lookup returns the
+         * wrong one first. */
 
         for (int i = sortedCerts.length-1; i > 0; i--) {
             final int tmpI = i;
@@ -418,22 +495,48 @@ private List<X509Certificate> certManagerVerify(
             ret = cm.CertManagerVerifyBuffer(encoded, encoded.length,
                     WolfSSL.SSL_FILETYPE_ASN1);
             if (ret != WolfSSL.SSL_SUCCESS) {
-                /* Failure here is ok if this is a CA cert and we can still
-                 * build and verify a complete chain. Some cert chains may
-                 * include extra CA certs. Similar to native wolfSSL
-                 * WOLFSSL_ALT_CERT_CHAINS. */
+                /* Verification failed. If this is a CA cert, try to find
+                 * and load its actual issuer from the KeyStore. This handles
+                 * cross-signed certs where multiple CAs share the same
+                 * subject DN but have different keys. */
                 if (sortedCerts[tmpI].getBasicConstraints() != -1) {
-                    /* This is a CA certificate, skip it and continue.
-                     * Do not add it to the certificate manager. */
-                    WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                        () -> "Using alternate cert chain (skipping CA): " +
-                        sortedCerts[tmpI].getSubjectX500Principal().getName());
-                    continue;
+                    X509Certificate issuer = findIssuerBySignature(
+                        sortedCerts[tmpI], this.store);
+                    if (issuer != null) {
+                        /* Found the actual issuer, load it and retry */
+                        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                            () -> "Found issuer by signature for: " +
+                            sortedCerts[tmpI].getSubjectX500Principal()
+                                .getName());
+                        try {
+                            byte[] issuerEnc = issuer.getEncoded();
+                            cm.CertManagerLoadCABuffer(issuerEnc,
+                                issuerEnc.length, WolfSSL.SSL_FILETYPE_ASN1);
+                        } catch (Exception e) {
+                            /* If loading issuer fails, fall through to
+                             * skip logic below */
+                        }
+                        /* Retry verification after loading issuer */
+                        ret = cm.CertManagerVerifyBuffer(encoded,
+                            encoded.length, WolfSSL.SSL_FILETYPE_ASN1);
+                    }
+                }
+                if (ret != WolfSSL.SSL_SUCCESS) {
+                    if (sortedCerts[tmpI].getBasicConstraints() != -1) {
+                        /* This is a CA certificate, skip it and continue.
+                         * Do not add it to the certificate manager. */
+                        WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                            () -> "Using alternate cert chain " +
+                            "(skipping CA): " +
+                            sortedCerts[tmpI].getSubjectX500Principal()
+                                .getName());
+                        continue;
+                    }
+                    /* Non-CA certificates must verify successfully */
+                    cm.free();
+                    throw new CertificateException(
+                        "Failed to verify intermediate chain cert");
                 }
-                /* Non-CA certificates must verify successfully */
-                cm.free();
-                throw new CertificateException(
-                    "Failed to verify intermediate chain cert");
             }
 
             /* Load chain cert as trusted CA */