Skip to content

Make it possible to notify the TrustManager of resumed sessions#14358

Merged
chrisvest merged 32 commits intonetty:4.1from
chrisvest:4.1-resumable-tm
Sep 27, 2024
Merged

Make it possible to notify the TrustManager of resumed sessions#14358
chrisvest merged 32 commits intonetty:4.1from
chrisvest:4.1-resumable-tm

Conversation

@chrisvest
Copy link
Copy Markdown
Member

@chrisvest chrisvest commented Sep 21, 2024
edited
Loading

Motivation:
Some trust manager implementations produce custom user principals and store them in the SSLSession. Resumed TLS sessions, however, don't always recover the stored contents. For instance, with TLSv1.3 stateless session resumption, our TLS implementations only store the peer certificate chain (or even just the leaf cert) in the session ticket. In such a case, the trust manager would like to be notified of the resumption, so that the peer principal can be recreated and stored in the session once again.

Modification:
Add a ResumableX509ExtendedTrustManager interface, with callbacks for resumed client and server sessions. Add infrastructure (the ResumptionController) to detect session resumption in an SSLEngine implementation agnostic way; if a TLS handshake completed without any calls to the TrustManager, then we've made a "stateless resumption" (hand-wave details) and should call the appropriate resume method. The JDK APIs don't provide a method to reliably discern if a session has been resumed, so we instead detect if the trust manager was called during the handshake. We do this by wrapping user-supplied trust managers that implement the ResumableX509ExtendedTrustManager interface. The wrapper will monitor calls to the trust manager and register the relevant SSLEngine in the controller — the engine is the object that the trust manager and the SslHandler both have access to, which reliably identifies the specific TLS session. Before finished the handshake, the SslHandler queries the ResumptionController to see if the trust manager has already been called, or if it needs to be notified of resumption. Since it's possible that the peer certificates have expired since the initial session, the trust manager gets another change to throw CertificateException.

Result:
Handlers that expect to find user principals in the authenticated SSLSessions no longer find empty sessions, provided they use a trust manager that correctly implements ResumableX509ExtendedTrustManager.

This is a draft to gage if the general approach is sane. There's still a few things that need to be done:

  • Javadocs.
  • Tests where the resume* methods throw CertificateException.
  • Tests for different transports.
  • Tests that use TCP FastOpen.
  • Tests that use startTls.

@chrisvest chrisvest force-pushed the 4.1-resumable-tm branch 2 times, most recently from 7265063 to 0321af9 Compare September 21, 2024 16:30
@chrisvest chrisvest force-pushed the 4.1-resumable-tm branch 2 times, most recently from 0e7cd81 to 46c8336 Compare September 21, 2024 17:57
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 21, 2024
View reviewed changes
chrisvest
chrisvest commented Sep 21, 2024
View reviewed changes
@chrisvest chrisvest force-pushed the 4.1-resumable-tm branch 3 times, most recently from cd3b1fb to 44e1c7d Compare September 22, 2024 01:05
@chrisvest
Copy link
Copy Markdown
Member Author

chrisvest commented Sep 23, 2024

Looks like Conscrypt on Windows is broken somehow.

normanmaurer
normanmaurer requested changes Sep 23, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@normanmaurer normanmaurer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great idea!

chrisvest
chrisvest commented Sep 23, 2024
View reviewed changes
@chrisvest chrisvest force-pushed the 4.1-resumable-tm branch 3 times, most recently from 5cfbf40 to 6343606 Compare September 23, 2024 22:01
@chrisvest chrisvest mentioned this pull request Sep 24, 2024
Merged
normanmaurer
normanmaurer requested changes Sep 24, 2024
View reviewed changes
normanmaurer
normanmaurer reviewed Sep 24, 2024
View reviewed changes
@chrisvest chrisvest force-pushed the 4.1-resumable-tm branch 2 times, most recently from 0200c43 to bff04aa Compare September 24, 2024 23:32
@chrisvest chrisvest marked this pull request as ready for review September 24, 2024 23:33
normanmaurer
normanmaurer approved these changes Sep 25, 2024
View reviewed changes
@chrisvest
Make it possible to notify the TrustManager of resumed sessions
6e68fe7 
Motivation:
Some trust manager implementations produce custom user principals and store them in the SSLSession.
Resumed TLS sessions, however, don't always recover the stored contents.
For instance, with TLSv1.3 stateless session resumption, our TLS implementations only store the peer certificate chain (or even just the leaf cert) in the session ticket.
In such a case, the trust manager would like to be notified of the resumption, so that the peer principal can be recreated and stored in the session once again.

Modification:
Add a `ResumableX509ExtendedTrustManager` interface, with callbacks for resumed client and server sessions.
Add infrastructure (the `ResumptionController`) to detect session resumption in an SSLEngine implementation agnostic way; if a TLS handshake completed without any calls to the TrustManager, then we've made a "stateless resumption" (hand-wave details) and should call the appropriate resume method.
The JDK APIs don't provide a method to reliably discern if a session has been resumed, so we instead detect if the trust manager was called during the handshake.
We do this by wrapping user-supplied trust managers that implement the `ResumableX509ExtendedTrustManager` interface.
The wrapper will monitor calls to the trust manager and register the relevant `SSLEngine` in the controller — the engine is the object that the trust manager and the `SslHandler` both have access to, which reliably identifies the specific TLS session.
Before finished the handshake, the `SslHandler` queries the `ResumptionController` to see if the trust manager has already been called, or if it needs to be notified of resumption.
Since it's possible that the peer certificates have expired since the initial session, the trust manager gets another change to throw CertificateException.

Result:
Handlers that expect to find user principals in the authenticated SSLSessions no longer find empty sessions, provided they use a trust manager that correctly implements ResumableX509ExtendedTrustManager.
@chrisvest
Test debugging
09a3811
@chrisvest
Test debugging
f20b728
@chrisvest
Hide the ResumptionController from the public API
03fc08d
@chrisvest
Copy link
Copy Markdown
Member Author

chrisvest commented Sep 26, 2024

@normanmaurer I think this is good to go, assuming the tests are no longer flaky.

chrisvest
chrisvest commented Sep 26, 2024
View reviewed changes
@chrisvest
Attempt to catch the StacklessClosedChannelException in SocketSslSess…
81aec45 
…ionReuseTest.testSslSessionTrustManagerResumption
normanmaurer
normanmaurer requested changes Sep 26, 2024
View reviewed changes
normanmaurer
normanmaurer requested changes Sep 26, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@normanmaurer normanmaurer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost there...

@normanmaurer
Copy link
Copy Markdown
Member

normanmaurer commented Sep 26, 2024

Great work... Ship it!

@chrisvest chrisvest added this to the 4.1.114.Final milestone Sep 26, 2024
@chrisvest
Copy link
Copy Markdown
Member Author

chrisvest commented Sep 26, 2024

The Java 11 Graal build failure is caused by #14375.

The Java 11 BoringSSL build fails with an OOME in the HTTP/2 module at io.netty.handler.codec.http2.HpackDynamicTable.setCapacity(HpackDynamicTable.java:182), and I'm not immediately convinced it's related to these changes.

@chrisvest chrisvest merged commit 3f66dd2 into netty:4.1 Sep 27, 2024
@chrisvest chrisvest deleted the 4.1-resumable-tm branch September 27, 2024 02:33
@chrisvest
Copy link
Copy Markdown
Member Author

chrisvest commented Sep 27, 2024

Will do the forward merge tomorrow

chrisvest added a commit that referenced this pull request Sep 27, 2024
@chrisvest
Make it possible to notify the TrustManager of resumed sessions (#14358)
85f1335
@chrisvest chrisvest mentioned this pull request Sep 28, 2024
Merged
chrisvest added a commit to chrisvest/netty that referenced this pull request Oct 18, 2024
@chrisvest
Make it possible to notify the TrustManager of resumed sessions (nett…
7a84470 
…y#14358)
chrisvest added a commit that referenced this pull request Oct 23, 2024
@chrisvest
Make it possible to notify the TrustManager of resumed sessions (#14378)
c73ed93 
Motivation:
Some trust manager implementations produce custom user principals and
store them in the SSLSession. Resumed TLS sessions, however, don't
always recover the stored contents. For instance, with TLSv1.3 stateless
session resumption, our TLS implementations only store the peer
certificate chain (or even just the leaf cert) in the session ticket. In
such a case, the trust manager would like to be notified of the
resumption, so that the peer principal can be recreated and stored in
the session once again.

Modification:
Add a ResumableX509ExtendedTrustManager interface, with callbacks for
resumed client and server sessions. Add infrastructure (the
ResumptionController) to detect session resumption in an SSLEngine
implementation agnostic way; if a TLS handshake completed without any
calls to the TrustManager, then we've made a "stateless resumption"
(hand-wave details) and should call the appropriate resume method. The
JDK APIs don't provide a method to reliably discern if a session has
been resumed, so we instead detect if the trust manager was called
during the handshake. We do this by wrapping user-supplied trust
managers that implement the ResumableX509ExtendedTrustManager interface.
The wrapper will monitor calls to the trust manager and register the
relevant SSLEngine in the controller — the engine is the object that the
trust manager and the SslHandler both have access to, which reliably
identifies the specific TLS session. Before finished the handshake, the
SslHandler queries the ResumptionController to see if the trust manager
has already been called, or if it needs to be notified of resumption.
Since it's possible that the peer certificates have expired since the
initial session, the trust manager gets another change to throw
CertificateException.

Result:
Handlers that expect to find user principals in the authenticated
SSLSessions no longer find empty sessions, provided they use a trust
manager that correctly implements ResumableX509ExtendedTrustManager.

This is a forward port of #14358,
#14404, and
#14411
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@normanmaurer normanmaurer normanmaurer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

4.1.114.Final

Development

Successfully merging this pull request may close these issues.

3 participants

@chrisvest @normanmaurer @github-advanced-security