Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
8259401: Add checking to jarsigner to warn weak algorithms used in si…
…gner’s cert chain

Reviewed-by: mullan, weijun, rhalade
  • Loading branch information
Hai-May Chao authored and wangweij committed Jan 13, 2021
1 parent ccdf171 commit c7e2174
Show file tree
Hide file tree
Showing 2 changed files with 143 additions and 3 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -1401,6 +1401,35 @@ private void checkWeakSign(PrivateKey key) {
}
}

private static String checkWeakKey(PublicKey key) {
int kLen = KeyUtil.getKeySize(key);
if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
if (kLen >= 0) {
return String.format(rb.getString("key.bit"), kLen);
} else {
return rb.getString("unknown.size");
}
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
}

private static String checkWeakAlg(String alg) {
if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
return alg;
} else {
return String.format(rb.getString("with.weak"), alg);
}
} else {
return String.format(rb.getString("with.disabled"), alg);
}
}

private static MessageFormat validityTimeForm = null;
private static MessageFormat notYetTimeForm = null;
private static MessageFormat expiredTimeForm = null;
Expand Down Expand Up @@ -1444,12 +1473,31 @@ String printCert(boolean isTsCert, String tab, Certificate c,
}

if (x509Cert != null) {
PublicKey key = x509Cert.getPublicKey();
String sigalg = x509Cert.getSigAlgName();

certStr.append("\n").append(tab).append("[");

// Process the certificate in the signer's cert chain to see if
// weak algorithms are used, and provide warnings as needed.
if (trustedCerts.contains(x509Cert)) {
// If the cert is trusted, only check its key size, but not its
// signature algorithm.
certStr.append("\n").append(tab)
.append("Signature algorithm: ")
.append(sigalg)
.append(rb.getString("COMMA"))
.append(checkWeakKey(key));

certStr.append("\n").append(tab).append("[");
certStr.append(rb.getString("trusted.certificate"));
} else {
certStr.append("\n").append(tab)
.append("Signature algorithm: ")
.append(checkWeakAlg(sigalg))
.append(rb.getString("COMMA"))
.append(checkWeakKey(key));

certStr.append("\n").append(tab).append("[");

Date notAfter = x509Cert.getNotAfter();
try {
boolean printValidity = true;
Expand Down
92 changes: 92 additions & 0 deletions test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
@@ -0,0 +1,92 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8259401
* @summary Check certificates in signer's cert chain to see if warning emitted
* @library /test/lib
*/

import jdk.test.lib.SecurityTools;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.util.JarUtils;

import java.nio.file.Path;

public class CheckSignerCertChain {

static OutputAnalyzer kt(String cmd, String ks) throws Exception {
return SecurityTools.keytool("-storepass changeit " + cmd +
" -keystore " + ks);
}

static void gencert(String owner, String cmd) throws Exception {
kt("-certreq -alias " + owner + " -file tmp.req", "ks");
kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd, "ks");
kt("-importcert -alias " + owner + " -file tmp.cert", "ks");
}

public static void main(String[] args) throws Exception {

// root certificate using SHA1withRSA and 1024-bit key
System.out.println("Generating a root cert using SHA1withRSA and 1024-bit key");
kt("-genkeypair -keyalg rsa -alias ca -dname CN=CA -ext bc:c " +
"-keysize 1024 -sigalg SHA1withRSA", "ks");
kt("-genkeypair -keyalg rsa -alias ca1 -dname CN=CA1", "ks");
kt("-genkeypair -keyalg rsa -alias e1 -dname CN=E1", "ks");

// intermediate certificate using SHA1withRSA and 2048-bit key
System.out.println("Generating an intermediate cert using SHA1withRSA and 2048-bit key");
gencert("ca1", "-alias ca -ext san=dns:ca1 -ext bc:c " +
"-sigalg SHA1withRSA ");

// end entity certificate using SHA256withRSA and 2048-bit key
System.out.println("Generating an end entity cert using SHA256withRSA and 2048-bit key");
gencert("e1", "-alias ca1 -ext san=dns:e1 ");

JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"));

SecurityTools.jarsigner("-keystore ks -storepass changeit " +
"-signedjar signeda.jar " +
"-sigalg SHA256withRSA " +
"-verbose" +
" a.jar e1")
.shouldContain("Signature algorithm: SHA1withRSA (weak), 2048-bit key")
// For trusted cert, warning should be generated for its weak 1024-bit
// key, but not for its SHA1withRSA algorithm.
.shouldContain("Signature algorithm: SHA1withRSA, 1024-bit key (weak)")
.shouldHaveExitValue(0);

kt("-exportcert -alias ca -rfc -file cacert", "ks");
kt("-importcert -noprompt -file cacert", "caks");

SecurityTools.jarsigner("-verify -certs signeda.jar " +
"-keystore caks -storepass changeit -verbose -debug")
.shouldContain("Signature algorithm: SHA1withRSA (weak), 2048-bit key")
// For trusted cert, warning should be generated for its weak 1024-bit
// key, but not for its SHA1withRSA algorithm.
.shouldContain("Signature algorithm: SHA1withRSA, 1024-bit key (weak)")
.shouldHaveExitValue(0);
}
}

1 comment on commit c7e2174

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.