8269039: Disable SHA-1 Signed JARs

Reviewed-by: weijun

Author: seanjmullan

src/java.base/share/classes/module-info.java

@@ -318,7 +318,8 @@
         jdk.crypto.ec,
         jdk.security.auth;
     exports sun.security.provider.certpath to
-        java.naming;
+        java.naming,
+        jdk.jartool;
     exports sun.security.rsa to
         jdk.crypto.cryptoki;
     exports sun.security.timestamp to

src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -131,7 +131,7 @@ public AlgorithmChecker(AlgorithmConstraints constraints, String variant) {
      *     certificate
      * @param constraints the algorithm constraints (or null)
      * @param date the date specified by the PKIXParameters date, or the
-     *             JAR timestamp if jar files are being validated and the
+     *             timestamp if JAR files are being validated and the
      *             JAR is timestamped. May be null if no timestamp or
      *             PKIXParameter date is set.
      * @param variant the Validator variant of the operation. A null value
@@ -160,17 +160,19 @@ public AlgorithmChecker(TrustAnchor anchor,
 
     /**
      * Create a new {@code AlgorithmChecker} with the given {@code TrustAnchor},
-     * {@code PKIXParameter} date, and {@code varient}
+     * {@code PKIXParameter} date, and {@code variant}.
      *
      * @param anchor the trust anchor selected to validate the target
      *     certificate
-     * @param pkixdate Date the constraints are checked against. The value is
-     *             either the PKIXParameters date or null for the current date.
+     * @param date the date specified by the PKIXParameters date, or the
+     *             timestamp if JAR files are being validated and the
+     *             JAR is timestamped. May be null if no timestamp or
+     *             PKIXParameter date is set.
      * @param variant the Validator variant of the operation. A null value
      *                passed will set it to Validator.GENERIC.
      */
-    public AlgorithmChecker(TrustAnchor anchor, Date pkixdate, String variant) {
-        this(anchor, certPathDefaultConstraints, pkixdate, variant);
+    public AlgorithmChecker(TrustAnchor anchor, Date date, String variant) {
+        this(anchor, certPathDefaultConstraints, date, variant);
     }
 
     @Override

src/java.base/share/classes/sun/security/provider/certpath/CertPathConstraintsParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -39,7 +39,7 @@
  * constraints specified in the jdk.certpath.disabledAlgorithms security
  * property.
  */
-class CertPathConstraintsParameters implements ConstraintsParameters {
+public class CertPathConstraintsParameters implements ConstraintsParameters {
     // The public key of the certificate
     private final Key key;
     // The certificate's trust anchor which will be checked against the
@@ -103,7 +103,7 @@ public String extendedExceptionMsg() {
     @Override
     public String toString() {
         StringBuilder sb = new StringBuilder("[\n");
-        sb.append("\n  Variant: ").append(variant);
+        sb.append("  Variant: ").append(variant);
         if (anchor != null) {
             sb.append("\n  Anchor: ").append(anchor);
         }

src/java.base/share/classes/sun/security/provider/certpath/PKIX.java

@@ -88,6 +88,7 @@ static class ValidatorParams {
         private Set<TrustAnchor> anchors;
         private List<X509Certificate> certs;
         private Timestamp timestamp;
+        private Date timestampDate;
         private String variant = Validator.VAR_GENERIC;
 
         ValidatorParams(CertPath cp, PKIXParameters params)
@@ -154,10 +155,20 @@ List<CertStore> certStores() {
                 stores = params.getCertStores();
             return stores;
         }
+        // The date() param is used when enforcing the validity period
+        // of certificates and when checking the time period of revocation data.
+        // The main difference between the date() and timestamp() method is
+        // that the date() method only uses the timestamp (if specified)
+        // for certificates in a code signer's chain.
         Date date() {
             if (!gotDate) {
-                // use timestamp if checking signed code that is
-                // timestamped, otherwise use date parameter
+                // Use timestamp if checking signed code that is
+                // timestamped, otherwise use date parameter.
+                // Note that TSA server certificates do not use the
+                // timestamp, which means that an expired TSA certificate
+                // is considered a validation failure. This policy means
+                // that signed and timestamped code is valid until the TSA
+                // certificate expires (assuming all other checks are valid).
                 if (timestamp != null &&
                     variant.equals(Validator.VAR_CODE_SIGNING)) {
                     date = timestamp.getTimestamp();
@@ -209,6 +220,17 @@ PKIXParameters getPKIXParameters() {
         String variant() {
             return variant;
         }
+        // The timestamp() param is passed as the date param when creating an
+        // AlgorithmChecker. An AlgorithmChecker always uses the timestamp
+        // if specified in order to enforce the denyAfter constraint.
+        Date timestamp() {
+            // return timestamp date if set, otherwise use date parameter
+            if (timestampDate == null) {
+                timestampDate = (timestamp != null)
+                    ? timestamp.getTimestamp() : date();
+            }
+            return timestampDate;
+        }
     }
 
     static class BuilderParams extends ValidatorParams {

src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -176,8 +176,8 @@ private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
         List<PKIXCertPathChecker> certPathCheckers = new ArrayList<>();
         // add standard checkers that we will be using
         certPathCheckers.add(untrustedChecker);
-        certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
-                params.variant()));
+        certPathCheckers.add(new AlgorithmChecker(anchor, null,
+                params.timestamp(), params.variant()));
         certPathCheckers.add(new KeyChecker(certPathLen,
                                             params.targetCertConstraints()));
         certPathCheckers.add(new ConstraintsChecker(certPathLen));

src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -344,7 +344,7 @@ private void depthFirstSearchForward(X500Principal dN,
 
                 // add the algorithm checker
                 checkers.add(new AlgorithmChecker(builder.trustAnchor,
-                        buildParams.date(), buildParams.variant()));
+                        buildParams.timestamp(), buildParams.variant()));
 
                 BasicChecker basicChecker = null;
                 if (nextState.keyParamsNeeded()) {

src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java

@@ -39,7 +39,6 @@
 import java.security.spec.MGF1ParameterSpec;
 import java.security.spec.NamedParameterSpec;
 import java.security.spec.PSSParameterSpec;
-import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Calendar;
@@ -688,8 +687,6 @@ public void permits(ConstraintsParameters cp)
      */
     private static class DenyAfterConstraint extends Constraint {
         private Date denyAfterDate;
-        private static final SimpleDateFormat dateFormat =
-                new SimpleDateFormat("EEE, MMM d HH:mm:ss z yyyy");
 
         DenyAfterConstraint(String algo, int year, int month, int day) {
             Calendar c;
@@ -723,7 +720,7 @@ private static class DenyAfterConstraint extends Constraint {
             denyAfterDate = c.getTime();
             if (debug != null) {
                 debug.println("DenyAfterConstraint date set to: " +
-                        dateFormat.format(denyAfterDate));
+                        denyAfterDate);
             }
         }
 
@@ -754,8 +751,8 @@ public void permits(ConstraintsParameters cp)
                 throw new CertPathValidatorException(
                         "denyAfter constraint check failed: " + algorithm +
                         " used with Constraint date: " +
-                        dateFormat.format(denyAfterDate) + "; params date: " +
-                        dateFormat.format(currentDate) + cp.extendedExceptionMsg(),
+                        denyAfterDate + "; params date: " +
+                        currentDate + cp.extendedExceptionMsg(),
                         null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
             }
         }

src/java.base/share/classes/sun/security/util/JarConstraintsParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -50,9 +50,9 @@ public class JarConstraintsParameters implements ConstraintsParameters {
     private boolean anchorIsJdkCASet;
     // The timestamp of the signed JAR file, if timestamped
     private Date timestamp;
-    // The keys of the signers
+    // The keys of the signers and TSA
     private final Set<Key> keys;
-    // The certs in the signers' chains that are issued by the trust anchor
+    // The certs in the signers and TSA chain that are issued by the trust anchor
     private final Set<X509Certificate> certsIssuedByAnchor;
     // The extended exception message
     private String message;
@@ -73,7 +73,7 @@ public JarConstraintsParameters(CodeSigner[] signers) {
         // used for checking if the signer's certificate chains back to a
         // JDK root CA
         for (CodeSigner signer : signers) {
-            init(signer.getSignerCertPath());
+            addToCertsAndKeys(signer.getSignerCertPath());
             Timestamp timestamp = signer.getTimestamp();
             if (timestamp == null) {
                 // this means one of the signers doesn't have a timestamp
@@ -82,7 +82,7 @@ public JarConstraintsParameters(CodeSigner[] signers) {
                 skipTimestamp = true;
             } else {
                 // add the key and last cert of TSA too
-                init(timestamp.getSignerCertPath());
+                addToCertsAndKeys(timestamp.getSignerCertPath());
                 if (!skipTimestamp) {
                     Date timestampDate = timestamp.getTimestamp();
                     if (latestTimestamp == null) {
@@ -98,11 +98,27 @@ public JarConstraintsParameters(CodeSigner[] signers) {
         this.timestamp = latestTimestamp;
     }
 
-    // extract last certificate and key from chain
-    private void init(CertPath cp) {
+    public JarConstraintsParameters(List<X509Certificate> chain, Timestamp timestamp) {
+        this.keys = new HashSet<>();
+        this.certsIssuedByAnchor = new HashSet<>();
+        addToCertsAndKeys(chain);
+        if (timestamp != null) {
+            addToCertsAndKeys(timestamp.getSignerCertPath());
+            this.timestamp = timestamp.getTimestamp();
+        } else {
+            this.timestamp = null;
+        }
+    }
+
+    // extract last certificate and signer's public key from chain
+    private void addToCertsAndKeys(CertPath cp) {
         @SuppressWarnings("unchecked")
         List<X509Certificate> chain =
             (List<X509Certificate>)cp.getCertificates();
+        addToCertsAndKeys(chain);
+    }
+
+    private void addToCertsAndKeys(List<X509Certificate> chain) {
         if (!chain.isEmpty()) {
             this.certsIssuedByAnchor.add(chain.get(chain.size() - 1));
             this.keys.add(chain.get(0).getPublicKey());
@@ -168,7 +184,7 @@ public String extendedExceptionMsg() {
     @Override
     public String toString() {
         StringBuilder sb = new StringBuilder("[\n");
-        sb.append("\n  Variant: ").append(getVariant());
+        sb.append("  Variant: ").append(getVariant());
         sb.append("\n  Certs Issued by Anchor:");
         for (X509Certificate cert : certsIssuedByAnchor) {
             sb.append("\n    Cert Issuer: ")

src/java.base/share/conf/security/java.security

@@ -558,7 +558,7 @@ sun.security.krb5.maxReferrals=5
 # can be included in the disabledAlgorithms properties.  These properties are
 # to help manage common actions easier across multiple disabledAlgorithm
 # properties.
-# There is one defined security property:  jdk.disabled.NamedCurves
+# There is one defined security property:  jdk.disabled.namedCurves
 # See the property for more specific details.
 #
 #
@@ -634,7 +634,8 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 usage SignedJAR & denyAfter 2019-01-01
 
 #
 # Legacy algorithms for certification path (CertPath) processing and
@@ -698,7 +699,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024
+      DSA keySize < 1024, SHA1 denyAfter 2019-01-01
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security