8282633: jarsigner output does not explain why an EC key is disabled if its curve has been disabled

Reviewed-by: weijun
This commit is contained in:
Hai-May Chao 2022-03-15 15:54:47 +00:00
parent 4de72014d3
commit f43ffe211f
5 changed files with 160 additions and 31 deletions
src
java.base/share/classes/sun/security
tools/keytool
util
jdk.jartool/share/classes/sun/security/tools/jarsigner
test/jdk/sun/security/tools/jarsigner

@ -42,8 +42,6 @@ import java.security.cert.TrustAnchor;
import java.security.cert.URICertStoreParameters;
import java.security.interfaces.ECKey;
import java.security.interfaces.EdECKey;
import java.security.spec.ECParameterSpec;
import java.text.Collator;
import java.text.MessageFormat;
@ -2018,7 +2016,7 @@ public final class Main {
("Generating.keysize.bit.keyAlgName.key.pair.and.a.certificate.sigAlgName.issued.by.signerAlias.with.a.validity.of.validality.days.for"));
Object[] source = {
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
fullDisplayAlgName(privKey),
KeyUtil.fullDisplayAlgName(privKey),
newCert.getSigAlgName(),
signerAlias,
validity,
@ -2029,7 +2027,7 @@ public final class Main {
("Generating.keysize.bit.keyAlgName.key.pair.and.self.signed.certificate.sigAlgName.with.a.validity.of.validality.days.for"));
Object[] source = {
groupName == null ? keysize : KeyUtil.getKeySize(privKey),
fullDisplayAlgName(privKey),
KeyUtil.fullDisplayAlgName(privKey),
newCert.getSigAlgName(),
validity,
x500Name};
@ -3560,24 +3558,10 @@ public final class Main {
}
}
private String fullDisplayAlgName(Key key) {
String result = key.getAlgorithm();
if (key instanceof ECKey) {
ECParameterSpec paramSpec = ((ECKey) key).getParams();
if (paramSpec instanceof NamedCurve) {
NamedCurve nc = (NamedCurve)paramSpec;
result += " (" + nc.getNameAndAliases()[0] + ")";
}
} else if (key instanceof EdECKey) {
result = ((EdECKey) key).getParams().getName();
}
return result;
}
private String withWeakConstraint(Key key,
CertPathConstraintsParameters cpcp) {
int kLen = KeyUtil.getKeySize(key);
String displayAlg = fullDisplayAlgName(key);
String displayAlg = KeyUtil.fullDisplayAlgName(key);
try {
DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true);
} catch (CertPathValidatorException e) {
@ -4946,13 +4930,13 @@ public final class Main {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
}
} catch (CertPathValidatorException e) {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
}
}
}
@ -4973,12 +4957,12 @@ public final class Main {
weakWarnings.add(String.format(
rb.getString("whose.key.disabled"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
} else if (!LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
weakWarnings.add(String.format(
rb.getString("whose.key.weak"), label,
String.format(rb.getString("key.bit"),
KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
KeyUtil.getKeySize(key), KeyUtil.fullDisplayAlgName(key))));
}
}
}

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -190,6 +190,28 @@ public final class KeyUtil {
return -1;
}
/**
* Returns the algorithm name of the given key object. If an EC key is
* specified, returns the algorithm name and its named curve.
*
* @param key the key object, cannot be null
* @return the algorithm name of the given key object, or return in the
* form of "EC (named curve)" if the given key object is an EC key
*/
public static final String fullDisplayAlgName(Key key) {
String result = key.getAlgorithm();
if (key instanceof ECKey) {
ECParameterSpec paramSpec = ((ECKey) key).getParams();
if (paramSpec instanceof NamedCurve) {
NamedCurve nc = (NamedCurve)paramSpec;
result += " (" + nc.getNameAndAliases()[0] + ")";
}
} else if (key instanceof EdECKey) {
result = ((EdECKey) key).getParams().getName();
}
return result;
}
/**
* Returns whether the key is valid or not.
* <P>

@ -30,6 +30,7 @@ import java.net.UnknownHostException;
import java.net.URLClassLoader;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXBuilderParameters;
import java.security.interfaces.ECKey;
import java.util.*;
import java.util.stream.Collectors;
import java.util.zip.*;
@ -1244,13 +1245,13 @@ public class Main {
if ((legacyAlg & 8) == 8) {
warnings.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey)));
}
if ((disabledAlg & 8) == 8) {
errors.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled."),
privateKey.getAlgorithm(), KeyUtil.getKeySize(privateKey)));
KeyUtil.fullDisplayAlgName(privateKey), KeyUtil.getKeySize(privateKey)));
}
} else {
if ((legacyAlg & 1) != 0) {
@ -1274,7 +1275,7 @@ public class Main {
if ((legacyAlg & 8) == 8) {
warnings.add(String.format(
rb.getString("The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update."),
weakPublicKey.getAlgorithm(), KeyUtil.getKeySize(weakPublicKey)));
KeyUtil.fullDisplayAlgName(weakPublicKey), KeyUtil.getKeySize(weakPublicKey)));
}
}
@ -1451,7 +1452,12 @@ public class Main {
JAR_DISABLED_CHECK.permits(key.getAlgorithm(), jcp, true);
} catch (CertPathValidatorException e) {
disabledAlgFound = true;
return String.format(rb.getString("key.bit.disabled"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.disabled"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
}
try {
LEGACY_CHECK.permits(key.getAlgorithm(), jcp, true);
@ -1463,7 +1469,12 @@ public class Main {
} catch (CertPathValidatorException e) {
weakPublicKey = key;
legacyAlg |= 8;
return String.format(rb.getString("key.bit.weak"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.weak"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
}
}
@ -1516,7 +1527,12 @@ public class Main {
try {
CERTPATH_DISABLED_CHECK.permits(key.getAlgorithm(), cpcp, true);
} catch (CertPathValidatorException e) {
return String.format(rb.getString("key.bit.disabled"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.disabled"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.disabled"), kLen);
}
}
try {
LEGACY_CHECK.permits(key.getAlgorithm(), cpcp, true);
@ -1526,7 +1542,12 @@ public class Main {
return rb.getString("unknown.size");
}
} catch (CertPathValidatorException e) {
return String.format(rb.getString("key.bit.weak"), kLen);
if (key instanceof ECKey) {
return String.format(rb.getString("key.bit.eccurve.weak"), kLen,
KeyUtil.fullDisplayAlgName(key));
} else {
return String.format(rb.getString("key.bit.weak"), kLen);
}
}
}

@ -181,7 +181,9 @@ public class Resources extends java.util.ListResourceBundle {
{"with.algparams.disabled", "%1$s using %2$s (disabled)"},
{"key.bit", "%d-bit key"},
{"key.bit.weak", "%d-bit key (weak)"},
{"key.bit.eccurve.weak", "%1$d-bit %2$s key (weak)"},
{"key.bit.disabled", "%d-bit key (disabled)"},
{"key.bit.eccurve.disabled", "%1$d-bit %2$s key (disabled)"},
{"unknown.size", "unknown size"},
{"extra.attributes.detected", "POSIX file permission and/or symlink attributes detected. These attributes are ignored when signing and are not protected by the signature."},

@ -0,0 +1,100 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8282633
* @summary jarsigner should display the named curve to better explain why
* an EC key is disabled or will be disabled.
* @library /test/lib
*/
import jdk.test.lib.SecurityTools;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.util.JarUtils;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
public class DisableCurveTest {
private static final String JAVA_SECURITY_FILE = "java.security";
public static void main(String[] args) throws Exception{
SecurityTools.keytool("-keystore ks -storepass changeit " +
"-genkeypair -keyalg EC -alias ca -dname CN=CA " +
"-ext bc:c")
.shouldHaveExitValue(0);
JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"));
Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),
"jdk.jar.disabledAlgorithms=secp256r1\n" +
"jdk.certpath.disabledAlgorithms=secp256r1\n");
SecurityTools.jarsigner("-keystore ks -storepass changeit " +
"-signedjar signeda.jar -verbose " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" a.jar ca")
.shouldContain(">>> Signer")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (disabled)")
.shouldContain("Warning:")
.shouldContain("The EC (secp256r1) signing key has a keysize of 256 which is considered a security risk and is disabled")
.shouldHaveExitValue(0);
SecurityTools.jarsigner("-verify signeda.jar " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" -keystore ks -storepass changeit -verbose -debug")
.shouldContain("- Signed by")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (disabled)")
.shouldContain("WARNING: The jar will be treated as unsigned")
.shouldHaveExitValue(0);
Files.deleteIfExists(Paths.get(JAVA_SECURITY_FILE));
Files.writeString(Files.createFile(Paths.get(JAVA_SECURITY_FILE)),
"jdk.security.legacyAlgorithms=secp256r1\n");
SecurityTools.jarsigner("-keystore ks -storepass changeit " +
"-signedjar signeda.jar -verbose " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" a.jar ca")
.shouldContain(">>> Signer")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (weak)")
.shouldContain("Warning:")
.shouldContain("The EC (secp256r1) signing key has a keysize of 256 which is considered a security risk. This key size will be disabled in a future update")
.shouldHaveExitValue(0);
SecurityTools.jarsigner("-verify signeda.jar " +
"-J-Djava.security.properties=" +
JAVA_SECURITY_FILE +
" -keystore ks -storepass changeit -verbose -debug")
.shouldContain("- Signed by")
.shouldContain("Signature algorithm: SHA256withECDSA, 256-bit EC (secp256r1) key (weak)")
.shouldContain("jar verified")
.shouldContain("The EC (secp256r1) signing key has a keysize of 256 which is considered a security risk. This key size will be disabled in a future update")
.shouldHaveExitValue(0);
}
}