From 995e95603089f2571bb6778a2ff1691b147fd0ce Mon Sep 17 00:00:00 2001
From: Hai-May Chao
Date: Tue, 11 May 2021 19:37:26 +0000
Subject: [PATCH] 8266225: jarsigner is using incorrect security property to show weakness of certs

Reviewed-by: weijun, mullan
---
 .../sun/security/tools/jarsigner/Main.java | 18 +++---
 .../tools/jarsigner/CheckSignerCertChain.java | 55 ++++++++++++++++++-
 2 files changed, 65 insertions(+), 8 deletions(-)

diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
index 3bc071db1bc..ba8b4c772f2 100644
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
@@ -97,10 +97,14 @@ public class Main {
 private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds
 private static final long ONE_YEAR = 366*24*60*60*1000L;
 
- private static final DisabledAlgorithmConstraints DISABLED_CHECK =
+ private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK =
 new DisabledAlgorithmConstraints(
 DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS);
 
+ private static final DisabledAlgorithmConstraints CERTPATH_DISABLED_CHECK =
+ new DisabledAlgorithmConstraints(
+ DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
+
 private static final DisabledAlgorithmConstraints LEGACY_CHECK =
 new DisabledAlgorithmConstraints(
 DisabledAlgorithmConstraints.PROPERTY_SECURITY_LEGACY_ALGS);
@@ -1321,7 +1325,7 @@ public class Main {
 }
 
 private String verifyWithWeak(String alg, Set primitiveSet, boolean tsa) {
- if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
+ if (JAR_DISABLED_CHECK.permits(primitiveSet, alg, null)) {
 if (LEGACY_CHECK.permits(primitiveSet, alg, null)) {
 return alg;
 } else {
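Review bot: The three constraint constants in the first hunk of Main.java have no comment saying which check each one backs, and confusing the JAR property with the cert-path property is exactly the mistake this commit corrects. A short comment above them would keep a later caller from picking the wrong one, for example `// JAR_DISABLED_CHECK: algorithms and keys of the JAR signature itself (jdk.jar.disabledAlgorithms)` and `// CERTPATH_DISABLED_CHECK: algorithms and keys inside the signer's certificates (jdk.certpath.disabledAlgorithms)`. `LEGACY_CHECK` stays shared by both paths in the later hunks, which is worth stating in the same comment.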
@@ -1347,7 +1351,7 @@ public class Main {
 
 private String verifyWithWeak(PublicKey key) {
 int kLen = KeyUtil.getKeySize(key);
- if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+ if (JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
 if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
 if (kLen >= 0) {
 return String.format(rb.getString("key.bit"), kLen);
@@ -1366,7 +1370,7 @@ public class Main {
 }
 
 private void checkWeakSign(String alg, Set primitiveSet, boolean tsa) {
- if (DISABLED_CHECK.permits(primitiveSet, alg, null)) {
+ if (JAR_DISABLED_CHECK.permits(primitiveSet, alg, null)) {
 if (!LEGACY_CHECK.permits(primitiveSet, alg, null)) {
 if (primitiveSet == SIG_PRIMITIVE_SET) {
 legacyAlg |= 2;
@@ -1392,7 +1396,7 @@ public class Main {
 }
 
 private void checkWeakSign(PrivateKey key) {
- if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+ if (JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
 if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
 legacyAlg |= 8;
 }
@@ -1403,7 +1407,7 @@ public class Main {
 
 private static String checkWeakKey(PublicKey key) {
 int kLen = KeyUtil.getKeySize(key);
- if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
+ if (CERTPATH_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
 if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
 if (kLen >= 0) {
 return String.format(rb.getString("key.bit"), kLen);
@@ -1419,7 +1423,7 @@ public class Main {
 }
 
 private static String checkWeakAlg(String alg) {
- if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
+ if (CERTPATH_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
 if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
 return alg;
 } else {
diff --git a/test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java b/test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
index 157abb4b5f3..5e748bbcd98 100644
--- a/test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
+++ b/test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
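Review bot: In Main.java, `checkWeakKey` and `checkWeakAlg` (the last two hunks of that file) now consult `CERTPATH_DISABLED_CHECK` but still use the context-free calls `permits(SIG_PRIMITIVE_SET, key)` and `permits(SIG_PRIMITIVE_SET, alg, null)`. Entries in jdk.certpath.disabledAlgorithms can carry conditions (trust anchor, date, usage), and a call that passes no such context presumably cannot evaluate them, so the `(disabled)` tag shown for a certificate may differ from what chain validation decides; this should be confirmed against `DisabledAlgorithmConstraints`. At minimum both methods deserve a comment such as `// display only: reflects unconditional jdk.certpath.disabledAlgorithms entries; chain validation is authoritative`. Both method bodies continue outside their hunks.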
@@ -23,7 +23,7 @@
 
 /*
 * @test
- * @bug 8259401
+ * @bug 8259401 8266225
 * @summary Check certificates in signer's cert chain to see if warning emitted
 * @library /test/lib
 */
@@ -32,10 +32,14 @@ import jdk.test.lib.SecurityTools;
 import jdk.test.lib.process.OutputAnalyzer;
 import jdk.test.lib.util.JarUtils;
 
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 
 public class CheckSignerCertChain {
 
+ private static final String JAVA_SECURITY_FILE = "java.security";
+
 static OutputAnalyzer kt(String cmd, String ks) throws Exception {
 return SecurityTools.keytool("-storepass changeit " + cmd +
 " -keystore " + ks);
@@ -88,5 +92,54 @@ public class CheckSignerCertChain {
 // key, but not for its SHA1withRSA algorithm.
 .shouldContain("Signature algorithm: SHA1withRSA, 1024-bit key (weak)")
 .shouldHaveExitValue(0);
+
+ /*
+ * Generate a non-self-signed certificate using MD5withRSA as its signature
+ * algorithm to sign a JAR file.
+ */
+ kt("-genkeypair -keyalg rsa -alias cacert -dname CN=CACERT -ext bc:c ", "ks");
+ kt("-genkeypair -keyalg rsa -alias ee -dname CN=EE -ext bc:c ", "ks");
+ gencert("ee", "-alias cacert -ext san=dns:ee -sigalg MD5withRSA");
+
+ Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),
+ "jdk.certpath.disabledAlgorithms=\n" +
+ "jdk.jar.disabledAlgorithms=MD5\n");
+
+ SecurityTools.jarsigner("-keystore ks -storepass changeit " +
+ "-signedjar signeda.jar " +
+ "-verbose " +
+ "-J-Djava.security.properties=" +
+ JAVA_SECURITY_FILE +
+ " a.jar ee")
+ .shouldNotContain("Signature algorithm: MD5withRSA (disabled), 2048-bit key")
+ .shouldContain("Signature algorithm: SHA256withRSA, 2048-bit key")
+ .shouldNotContain("Invalid certificate chain: Algorithm constraints check failed on signature algorithm: MD5withRSA")
+ .shouldHaveExitValue(0);
+
+ Files.deleteIfExists(Paths.get(JAVA_SECURITY_FILE));
+ Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),
+ "jdk.certpath.disabledAlgorithms=MD5\n" +
+ "jdk.jar.disabledAlgorithms=\n");
+
+ SecurityTools.jarsigner("-keystore ks -storepass changeit " +
+ "-signedjar signeda.jar " +
+ "-verbose " +
+ "-J-Djava.security.properties=" +
+ JAVA_SECURITY_FILE +
+ " a.jar ee")
+ .shouldContain("Signature algorithm: MD5withRSA (disabled), 2048-bit key")
+ .shouldContain("Signature algorithm: SHA256withRSA, 2048-bit key")
+ .shouldContain("Invalid certificate chain: Algorithm constraints check failed on signature algorithm: MD5withRSA")
+ .shouldHaveExitValue(0);
+
+ kt("-exportcert -alias cacert -rfc -file cacert", "ks");
+ kt("-importcert -noprompt -file cacert", "caks1");
+
+ SecurityTools.jarsigner("-verify -certs signeda.jar " +
+ "-keystore caks1 -storepass changeit -verbose -debug")
+ .shouldContain("Signature algorithm: MD5withRSA (disabled), 2048-bit key")
+ .shouldContain("Signature algorithm: SHA256withRSA, 2048-bit key")
+ .shouldContain("Invalid certificate chain: Algorithm constraints check failed on signature algorithm: MD5withRSA")
+ .shouldHaveExitValue(0);
 }
 }
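Review bot: The final `jarsigner -verify` call in the added test block does not pass `-J-Djava.security.properties=`, so as far as the hunk shows its `MD5withRSA (disabled)` expectation depends on whatever jdk.certpath.disabledAlgorithms the JDK under test ships with rather than on the file the test just wrote. Passing the same override, by adding `"-J-Djava.security.properties=" + JAVA_SECURITY_FILE +` ahead of the `-keystore caks1 ...` argument string (which then needs a leading space), would make the check self-contained. The verify path is also exercised in only one configuration; a second `-verify` run under the first property file (cert-path list empty, JAR list disabling MD5) would cover the corrected behaviour on the verification side too. The enclosing method starts outside the hunk.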