Skip to content

Commit

Permalink
8282633: jarsigner output does not explain why an EC key is disabled …
Browse files Browse the repository at this point in the history
…if its curve has been disabled

Reviewed-by: weijun
  • Loading branch information
Hai-May Chao committed Mar 15, 2022
1 parent 4de7201 commit f43ffe2
Show file tree
Hide file tree
Showing 5 changed files with 160 additions and 31 deletions.
30 changes: 7 additions & 23 deletions src/java.base/share/classes/sun/security/tools/keytool/Main.java
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,6 @@
import java.security.cert.URICertStoreParameters;


import java.security.interfaces.ECKey;
import java.security.interfaces.EdECKey;
import java.security.spec.ECParameterSpec;
import java.text.Collator;
import java.text.MessageFormat;
Expand Down Expand Up @@ -2018,7 +2016,7 @@ private void doGenKeyPair(String alias, String dname, String keyAlgName,
("Generating.keysize.bit.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.signerAlias.with.a.validity.of.validality.days.for"));
Object[] source = {
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
fullDisplayAlgName(privKey),
KeyUtil.fullDisplayAlgName(privKey),
newCert.getSigAlgName(),
signerAlias,
validity,
Expand All @@ -2029,7 +2027,7 @@ private void doGenKeyPair(String alias, String dname, String keyAlgName,
("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for"));
Object[] source = {
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
fullDisplayAlgName(privKey),
KeyUtil.fullDisplayAlgName(privKey),
newCert.getSigAlgName(),
validity,
x500Name};
Expand Down Expand Up @@ -3560,24 +3558,10 @@ private String withWeak(String alg) {
}
}

private String fullDisplayAlgName(Key key) {
String result = key.getAlgorithm();
if (key instanceof ECKey) {
ECParameterSpec paramSpec = ((ECKey) key).getParams();
if (paramSpec instanceof NamedCurve) {
NamedCurve nc = (NamedCurve)paramSpec;
result += " (" + nc.getNameAndAliases()[0] + ")";
}
} else if (key instanceof EdECKey) {
result = ((EdECKey) key).getParams().getName();
}
return result;
}

private String withWeakConstraint(Key key,
CertPathConstraintsParameters cpcp) {
int kLen = KeyUtil.getKeySize(key);
String displayAlg = fullDisplayAlgName(key);
String displayAlg = KeyUtil.fullDisplayAlgName(key);
try {
DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true);
} catch (CertPathValidatorException e) {
Expand Down Expand Up @@ -4946,13 +4930,13 @@ private void checkWeakConstraint(String label, String sigAlg, Key key,
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
}
} catch (CertPathValidatorException e) {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
}
}
}
Expand All @@ -4973,12 +4957,12 @@ private void checkWeak(String label, String sigAlg, Key key) {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
} else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
}
}
}
Expand Down
24 changes: 23 additions & 1 deletion src/java.base/share/classes/sun/security/util/KeyUtil.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -190,6 +190,28 @@ public static final int getKeySize(AlgorithmParameters parameters) {
return -1;
}

/**
* Returns the algorithm name of the given key object. If an EC key is
* specified, returns the algorithm name and its named curve.
*
* @param key the key object, cannot be null
* @return the algorithm name of the given key object, or return in the
* form of "EC (named curve)" if the given key object is an EC key
*/
public static final String fullDisplayAlgName(Key key) {
String result = key.getAlgorithm();
if (key instanceof ECKey) {
ECParameterSpec paramSpec = ((ECKey) key).getParams();
if (paramSpec instanceof NamedCurve) {
NamedCurve nc = (NamedCurve)paramSpec;
result += " (" + nc.getNameAndAliases()[0] + ")";
}
} else if (key instanceof EdECKey) {
result = ((EdECKey) key).getParams().getName();
}
return result;
}

/**
* Returns whether the key is valid or not.
* <P>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import java.net.URLClassLoader;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXBuilderParameters;
import java.security.interfaces.ECKey;
import java.util.*;
import java.util.stream.Collectors;
import java.util.zip.*;
Expand Down Expand Up @@ -1244,13 +1245,13 @@ private void displayMessagesAndResult(boolean isSigning) {
if ((legacyAlg & 8) == 8) {
warnings.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey)));
}

if ((disabledAlg & 8) == 8) {
errors.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled."),
privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey)));
}
} else {
if ((legacyAlg & 1) != 0) {
Expand All @@ -1274,7 +1275,7 @@ private void displayMessagesAndResult(boolean isSigning) {
if ((legacyAlg & 8) == 8) {
warnings.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
weakPublicKey.getAlgorithm(), KeyUtil.getKeySize(weakPublicKey)));
KeyUtil.fullDisplayAlgName(weakPublicKey), KeyUtil.getKeySize(weakPublicKey)));
}
}

Expand Down Expand Up @@ -1451,7 +1452,12 @@ private String verifyWithWeak(PublicKey key, JarConstraintsParameters jcp) {
JAR_DISABLED_CHECK.permits(key.getAlgorithm(), jcp, true);
} catch (CertPathValidatorException e) {
disabledAlgFound = true;
return String.format(rb.getString("key.bit.disabled"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.disabled"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
}
try {
LEGACY_CHECK.permits(key.getAlgorithm(), jcp, true);
Expand All @@ -1463,7 +1469,12 @@ private String verifyWithWeak(PublicKey key, JarConstraintsParameters jcp) {
} catch (CertPathValidatorException e) {
weakPublicKey = key;
legacyAlg |= 8;
return String.format(rb.getString("key.bit.weak"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.weak"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
}
}

Expand Down Expand Up @@ -1516,7 +1527,12 @@ private static String checkWeakKey(PublicKey key, CertPathConstraintsParameters
try {
CERTPATH_DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true);
} catch (CertPathValidatorException e) {
return String.format(rb.getString("key.bit.disabled"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.disabled"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
}
try {
LEGACY_CHECK.permits(key.getAlgorithm(), cpcp, true);
Expand All @@ -1526,7 +1542,12 @@ private static String checkWeakKey(PublicKey key, CertPathConstraintsParameters
return rb.getString("unknown.size");
}
} catch (CertPathValidatorException e) {
return String.format(rb.getString("key.bit.weak"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.weak"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,9 @@ public class Resources extends java.util.ListResourceBundle {
{"with.algparams.disabled", "%1$s using %2$s (disabled)"},
{"key.bit", "%d-bit key"},
{"key.bit.weak", "%d-bit key (weak)"},
{"key.bit.eccurve.weak", "%1$d-bit %2$s key (weak)"},
{"key.bit.disabled", "%d-bit key (disabled)"},
{"key.bit.eccurve.disabled", "%1$d-bit %2$s key (disabled)"},
{"unknown.size", "unknown size"},
{"extra.attributes.detected", "POSIX file permission and/or symlink attributes detected. These attributes are ignored when signing and are not protected by the signature."},

Expand Down
100 changes: 100 additions & 0 deletions test/jdk/sun/security/tools/jarsigner/DisableCurveTest.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8282633
* @summary jarsigner should display the named curve to better explain why
* an EC key is disabled or will be disabled.
* @library /test/lib
*/

import jdk.test.lib.SecurityTools;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.util.JarUtils;

import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class DisableCurveTest {
private static final String JAVA_SECURITY_FILE = "java.security";

public static void main(String[] args) throws Exception{
SecurityTools.keytool("-keystore ks -storepass changeit " +
"-genkeypair -keyalg EC -alias ca -dname CN=CA " +
"-ext bc:c")
.shouldHaveExitValue(0);

JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"));

Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),
"jdk.jar.disabledAlgorithms=secp256r1\n" +
"jdk.certpath.disabledAlgorithms=secp256r1\n");

SecurityTools.jarsigner("-keystore ks -storepass changeit " +
"-signedjar signeda.jar -verbose " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" a.jar ca")
.shouldContain(">>> Signer")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (disabled)")
.shouldContain("Warning:")
.shouldContain("The EC (secp256r1) signing key has a keysize of 256 which is considered a security risk and is disabled")
.shouldHaveExitValue(0);

SecurityTools.jarsigner("-verify signeda.jar " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" -keystore ks -storepass changeit -verbose -debug")
.shouldContain("- Signed by")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (disabled)")
.shouldContain("WARNING: The jar will be treated as unsigned")
.shouldHaveExitValue(0);

Files.deleteIfExists(Paths.get(JAVA_SECURITY_FILE));
Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),
"jdk.security.legacyAlgorithms=secp256r1\n");

SecurityTools.jarsigner("-keystore ks -storepass changeit " +
"-signedjar signeda.jar -verbose " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" a.jar ca")
.shouldContain(">>> Signer")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (weak)")
.shouldContain("Warning:")
.shouldContain("The EC (secp256r1) signing key has a keysize of 256 which is considered a security risk. This key size will be disabled in a future update")
.shouldHaveExitValue(0);

SecurityTools.jarsigner("-verify signeda.jar " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" -keystore ks -storepass changeit -verbose -debug")
.shouldContain("- Signed by")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (weak)")
.shouldContain("jar verified")
.shouldContain("The EC (secp256r1) signing key has a keysize of 256 which is considered a security risk. This key size will be disabled in a future update")
.shouldHaveExitValue(0);
}
}

1 comment on commit f43ffe2

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.