8286907: keytool should warn about weak PBE algorithms

Hai-May Chao · Hai-May Chao · commit b00b70c2400d · 2023-02-02T21:17:08.000Z
Reviewed-by: mullan, weijun
diff --git a/src/java.base/share/classes/sun/security/tools/keytool/Main.java b/src/java.base/share/classes/sun/security/tools/keytool/Main.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1837,6 +1837,11 @@ private void doGenSecretKey(String alias, String keyAlgName,
                 useDefaultPBEAlgorithm = false;
             }
 
+            SecretKeyConstraintsParameters skcp =
+                    new SecretKeyConstraintsParameters(secKey);
+            checkWeakConstraint(rb.getString("the.generated.secretkey"),
+                    keyAlgName, skcp);
+
             if (verbose) {
                 MessageFormat form = new MessageFormat(rb.getString(
                     "Generated.keyAlgName.secret.key"));
@@ -5068,6 +5073,16 @@ private void checkWeakConstraint(String label, CRL crl, Key key,
         }
     }
 
+    private void checkWeakConstraint(String label, String keyAlg,
+            SecretKeyConstraintsParameters skcp) {
+        try {
+            LEGACY_CHECK.permits(keyAlg, skcp, false);
+        } catch (CertPathValidatorException e) {
+            weakWarnings.add(String.format(
+                    rb.getString("key.algorithm.weak"), label, keyAlg));
+        }
+    }
+
     private void checkWeak(String label, CRL crl, Key key) {
         if (crl instanceof X509CRLImpl impl) {
             checkWeak(label, impl.getSigAlgName(), key);
diff --git a/test/jdk/sun/security/tools/keytool/WeakSecretKeyTest.java b/test/jdk/sun/security/tools/keytool/WeakSecretKeyTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 8255552 8286090
+ * @bug 8255552 8286090 8286907
  * @summary Test keytool commands associated with secret key entries which use weak algorithms
  * @library /test/lib
  */
@@ -108,5 +108,24 @@ public static void main(String[] args) throws Exception {
                 .shouldContain("Warning")
                 .shouldMatch("The generated secret key uses a 128-bit AES key.*considered a security risk")
                 .shouldHaveExitValue(0);
+
+        SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
+                "-genseckey -keyalg PBEWithMD5AndDES -alias pbekey1")
+                .shouldContain("Warning")
+                .shouldMatch("The generated secret key uses the PBEWithMD5AndDES algorithm.*considered a security risk")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
+                "-genseckey -keyalg PBEWithSHA1AndDESede -alias pbekey2")
+                .shouldContain("Warning")
+                .shouldMatch("The generated secret key uses the PBEWithSHA1AndDESede algorithm.*considered a security risk")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.setResponse("changeit", "changeit");
+        SecurityTools.keytool("-keystore ks.p12 -storepass changeit " +
+                "-importpass -keyalg PBEWithMD5AndDES -alias newentry")
+                .shouldContain("Warning")
+                .shouldMatch("The generated secret key uses the PBEWithMD5AndDES algorithm.*considered a security risk")
+                .shouldHaveExitValue(0);
     }
 }
