[
https://issues.apache.org/jira/browse/QPID-7309?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15343892#comment-15343892
]
Keith Wall commented on QPID-7309:
----------------------------------
There will need to be a change to the public API for configuring message
encryption trust. The client needs its own source of trust anchors (aka root
certificates) for the purposes of chain of trust validation of a recipient's
certificate. If SSL certificates signed by a public CA are in use, the client
can fall back on the JVM's own truststore. If a private/self-signed CA is in use,
the client needs configuration for its own source of trust. We don't
currently have a way to give this to the client.
The client currently accepts the parameters {{encryption_trust_store}} (client
manages recipient's certificates itself) and {{encryption_remote_trust_store}}
(client receives recipient's certificates from the Broker). These are in fact
peer certificate stores/sources rather than 'trust' stores/sources so these
parameters should probably be renamed for clarity.
In order for the client to validate the chain of trust, it will require the
CA's intermediates too. For the case where the Broker is distributing the
certificates, the Broker should probably be distributing the intermediate
certificates too. {{ManagedPeerCertificateStore}} gathers the peers'
certificates - but it does not currently collect the intermediates. The user
could manually add the intermediates to the trust store or there might be a
method by which this could be automated. This needs some more investigation.
Smaller issues noted too:
* MessageEncryptionHelper does not revalidate a cached certificate's expiration
before re-use. It should.
* MessageEncryptionHelper#226 looked suspicious. Does the algorithm really
intend the certificate with the shortest time remaining?
> [Java Client] [Message Encryption] Improve verification of the recipient's
> certificate
> --------------------------------------------------------------------------------------
>
> Key: QPID-7309
> URL: https://issues.apache.org/jira/browse/QPID-7309
> Project: Qpid
> Issue Type: Improvement
> Components: Java Client
> Reporter: Keith Wall
> Fix For: qpid-java-6.1, qpid-java-6.0.4
>
>
> The current implementation of end-to-end message encryption permits the
> encryption of messages with untrusted certificates. The default behaviour
> should validate the certificate's chain of trust by default and fail if the
> chain of trust cannot be established.
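As an added illustration of the chain-of-trust validation discussed in the comment above (this is example code, not the Qpid client's own implementation), the helper below shows how a client could hold its own set of trust anchors, fall back on the JVM's default truststore when none is configured, feed the CA intermediates from the peer certificate store into a PKIX path build, and re-check expiry every time a cached recipient certificate is reused. The class name {{RecipientCertificateValidator}}, its constructor arguments and the decision to leave revocation checking disabled are assumptions made for the example; only the standard {{java.security.cert}} and {{javax.net.ssl}} APIs are used.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Hypothetical helper (not part of the Qpid client) that validates a recipient's
 * encryption certificate against the client's own trust anchors, falling back on
 * the JVM's default truststore when the client has not been given one.
 */
public final class RecipientCertificateValidator {

    private final Set<TrustAnchor> trustAnchors;

    /**
     * @param trustStorePath     JKS/PKCS12 store holding root CA certificates, or null to
     *                           fall back on the JVM's default truststore (cacerts)
     * @param trustStorePassword password for that store (may be null)
     */
    public RecipientCertificateValidator(String trustStorePath, char[] trustStorePassword)
            throws Exception {
        this.trustAnchors = trustStorePath == null
                ? jvmDefaultTrustAnchors()
                : loadTrustAnchors(trustStorePath, trustStorePassword);
    }

    /** Trust anchors from a store the client administrator configured (private/self-signed CA case). */
    private static Set<TrustAnchor> loadTrustAnchors(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        Set<TrustAnchor> anchors = new HashSet<>();
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (ks.isCertificateEntry(alias)) {
                Certificate c = ks.getCertificate(alias);
                if (c instanceof X509Certificate) {
                    anchors.add(new TrustAnchor((X509Certificate) c, null));
                }
            }
        }
        if (anchors.isEmpty()) {
            throw new CertificateException("No trust anchors found in " + path);
        }
        return anchors;
    }

    /** Trust anchors from the JVM's default truststore (public CA case). */
    private static Set<TrustAnchor> jvmDefaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null KeyStore selects the JVM default truststore
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate root : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(root, null));
                }
            }
        }
        return anchors;
    }

    /**
     * Builds and validates a chain from the recipient certificate up to one of the trust
     * anchors. The intermediates are whatever the peer certificate store holds (supplied by
     * the Broker or added manually by the user). Because expiry is checked on every call,
     * a recipient certificate cached from an earlier call is re-validated before reuse.
     */
    public CertPath validate(X509Certificate recipient, Collection<X509Certificate> intermediates)
            throws GeneralSecurityException {
        recipient.checkValidity(); // fail fast on an expired or not-yet-valid certificate

        X509CertSelector target = new X509CertSelector();
        target.setCertificate(recipient);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, target);
        params.setRevocationEnabled(false); // assumption for the example; enable CRL/OCSP in production

        // The builder looks the target and its issuers up in the supplied CertStores.
        List<X509Certificate> pool = new ArrayList<>(intermediates);
        pool.add(recipient);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(pool)));

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);
        return result.getCertPath(); // throws CertPathBuilderException if no trusted chain exists
    }
}
```

If the Broker distributes only the recipients' leaf certificates and the CA intermediates are absent from the pool, {{CertPathBuilder.build}} fails with a {{CertPathBuilderException}}, which is the observable form of the "intermediates missing" problem the comment raises.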
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)