1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

x5c path validation

Issue #230 wontfix
Former user created an issue

I seem to have encountered a bug with RSASSAVerifier.verify when verifying an x5c header. This may also be my failure to understand how this stuff works, so allow me to sketch our intended scenario

  • We have a certificate-authority whose certificate CA we keep in our truststore
  • CA private key is used to create certificates c1 .. cn, which are used to sign payloads
  • signed payloads include the x5c header, with the first certificate be one of c1 ... cn, and the second element is set to CA
  • when submitting signed payloads, they are verified using RSASSAVerifier.verify with CA as the public key.

The above works, however, validation also passes for a case which I believe should be excluded according to RFC-7515 - x5c header, namely when the path is invalid. In this case we create an arbitrary certificate y, where y is NOT signed by CA. We sign the payload using y, and create an x5c header with the first element set to y and the second element set to CA. In other words, we have a signed payload with the signee included, as well as the trusted CA, but these do not form a valid chain. If my understanding is right, this shouldn't pass validation. Is this something you can confirm, or should I be doing this in different way?

Thanks in advance for looking into this!

Comments (2)

  1. Connect2id OSS

    Hi!

    The RSA signature verifier doesn't actually deal with x5c headers. Could you include some sample code?

  2. Vladimir Dzhuvinov

    I think there's some misunderstanding here.

    The verify method is for validating the JWS signature with the supplied key. It is not for validating the 'x5c' or the key itself. To validate the x.509 certificate chain you should use an appropriate X.509 utility. This typically requires setting a set of trusted CAs, by providing their certificates, typically via a trust store.

    Only after that, if the key is found to be trusted, the signature validation method may be called.

    The OAuth WG is currently working on a best practises document for JWT: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-00

  3. Log in to comment
Assignee
Type
bug
Priority
major
Status
wontfix
Component
Milestone
Votes
0
Watchers
None
Jira: the preferred issue tracker for Bitbucket. Join the team!