8274471: Verification of OCSP Response signed with RSASSA-PSS fails
Reviewed-by: hchao, jnimeh
This commit is contained in:
parent
f2404d60de
commit
f63c4a832a
src/java.base/share/classes/sun/security
provider/certpath
util
x509
test/jdk
java/security/testlibrary
javax/net/ssl/Stapling
@ -35,7 +35,6 @@ import java.security.cert.CertPathValidatorException;
|
||||
import java.security.cert.CertPathValidatorException.BasicReason;
|
||||
import java.security.cert.CRLReason;
|
||||
import java.security.cert.Extension;
|
||||
import java.security.cert.TrustAnchor;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Base64;
|
||||
import java.util.Date;
|
||||
@ -46,7 +45,6 @@ import sun.security.action.GetIntegerAction;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.Event;
|
||||
import sun.security.util.IOUtils;
|
||||
import sun.security.validator.Validator;
|
||||
import sun.security.x509.AccessDescription;
|
||||
import sun.security.x509.AuthorityInfoAccessExtension;
|
||||
import sun.security.x509.GeneralName;
|
||||
@ -166,22 +164,26 @@ public final class OCSP {
|
||||
List<Extension> extensions) throws IOException {
|
||||
OCSPRequest request = new OCSPRequest(certIds, extensions);
|
||||
byte[] bytes = request.encodeBytes();
|
||||
String responder = responderURI.toString();
|
||||
|
||||
if (debug != null) {
|
||||
debug.println("connecting to OCSP service at: " + responderURI);
|
||||
debug.println("connecting to OCSP service at: " + responder);
|
||||
}
|
||||
Event.report(Event.ReporterCategory.CRLCHECK, "event.ocsp.check",
|
||||
responderURI.toString());
|
||||
responder);
|
||||
|
||||
URL url;
|
||||
HttpURLConnection con = null;
|
||||
try {
|
||||
String encodedGetReq = responderURI.toString() + "/" +
|
||||
URLEncoder.encode(Base64.getEncoder().encodeToString(bytes),
|
||||
UTF_8);
|
||||
StringBuilder encodedGetReq = new StringBuilder(responder);
|
||||
if (!responder.endsWith("/")) {
|
||||
encodedGetReq.append("/");
|
||||
}
|
||||
encodedGetReq.append(URLEncoder.encode(
|
||||
Base64.getEncoder().encodeToString(bytes), UTF_8));
|
||||
|
||||
if (encodedGetReq.length() <= 255) {
|
||||
url = new URL(encodedGetReq);
|
||||
url = new URL(encodedGetReq.toString());
|
||||
con = (HttpURLConnection)url.openConnection();
|
||||
con.setDoOutput(true);
|
||||
con.setDoInput(true);
|
||||
|
@ -638,7 +638,10 @@ public final class OCSPResponse {
|
||||
|
||||
try {
|
||||
Signature respSignature = Signature.getInstance(sigAlgId.getName());
|
||||
respSignature.initVerify(cert.getPublicKey());
|
||||
SignatureUtil.initVerifyWithParam(respSignature,
|
||||
cert.getPublicKey(),
|
||||
SignatureUtil.getParamSpec(sigAlgId.getName(),
|
||||
sigAlgId.getEncodedParams()));
|
||||
respSignature.update(tbsResponseData);
|
||||
|
||||
if (respSignature.verify(signature)) {
|
||||
@ -654,8 +657,8 @@ public final class OCSPResponse {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
} catch (InvalidKeyException | NoSuchAlgorithmException |
|
||||
SignatureException e)
|
||||
} catch (InvalidAlgorithmParameterException | InvalidKeyException
|
||||
| NoSuchAlgorithmException | SignatureException e)
|
||||
{
|
||||
throw new CertPathValidatorException(e);
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -170,8 +170,7 @@ public class SignatureUtil {
|
||||
// for verification with the specified key and params (may be null)
|
||||
public static void initVerifyWithParam(Signature s, PublicKey key,
|
||||
AlgorithmParameterSpec params)
|
||||
throws ProviderException, InvalidAlgorithmParameterException,
|
||||
InvalidKeyException {
|
||||
throws InvalidAlgorithmParameterException, InvalidKeyException {
|
||||
SharedSecrets.getJavaSecuritySignatureAccess().initVerify(s, key, params);
|
||||
}
|
||||
|
||||
@ -180,8 +179,7 @@ public class SignatureUtil {
|
||||
public static void initVerifyWithParam(Signature s,
|
||||
java.security.cert.Certificate cert,
|
||||
AlgorithmParameterSpec params)
|
||||
throws ProviderException, InvalidAlgorithmParameterException,
|
||||
InvalidKeyException {
|
||||
throws InvalidAlgorithmParameterException, InvalidKeyException {
|
||||
SharedSecrets.getJavaSecuritySignatureAccess().initVerify(s, cert, params);
|
||||
}
|
||||
|
||||
@ -189,8 +187,7 @@ public class SignatureUtil {
|
||||
// for signing with the specified key and params (may be null)
|
||||
public static void initSignWithParam(Signature s, PrivateKey key,
|
||||
AlgorithmParameterSpec params, SecureRandom sr)
|
||||
throws ProviderException, InvalidAlgorithmParameterException,
|
||||
InvalidKeyException {
|
||||
throws InvalidAlgorithmParameterException, InvalidKeyException {
|
||||
SharedSecrets.getJavaSecuritySignatureAccess().initSign(s, key, params, sr);
|
||||
}
|
||||
|
||||
@ -342,10 +339,10 @@ public class SignatureUtil {
|
||||
* Create a Signature that has been initialized with proper key and params.
|
||||
*
|
||||
* @param sigAlg signature algorithms
|
||||
* @param key public or private key
|
||||
* @param key private key
|
||||
* @param provider (optional) provider
|
||||
*/
|
||||
public static Signature fromKey(String sigAlg, Key key, String provider)
|
||||
public static Signature fromKey(String sigAlg, PrivateKey key, String provider)
|
||||
throws NoSuchAlgorithmException, NoSuchProviderException,
|
||||
InvalidKeyException{
|
||||
Signature sigEngine = (provider == null || provider.isEmpty())
|
||||
@ -358,10 +355,10 @@ public class SignatureUtil {
|
||||
* Create a Signature that has been initialized with proper key and params.
|
||||
*
|
||||
* @param sigAlg signature algorithms
|
||||
* @param key public or private key
|
||||
* @param key private key
|
||||
* @param provider (optional) provider
|
||||
*/
|
||||
public static Signature fromKey(String sigAlg, Key key, Provider provider)
|
||||
public static Signature fromKey(String sigAlg, PrivateKey key, Provider provider)
|
||||
throws NoSuchAlgorithmException, InvalidKeyException{
|
||||
Signature sigEngine = (provider == null)
|
||||
? Signature.getInstance(sigAlg)
|
||||
@ -369,17 +366,12 @@ public class SignatureUtil {
|
||||
return autoInitInternal(sigAlg, key, sigEngine);
|
||||
}
|
||||
|
||||
private static Signature autoInitInternal(String alg, Key key, Signature s)
|
||||
private static Signature autoInitInternal(String alg, PrivateKey key, Signature s)
|
||||
throws InvalidKeyException {
|
||||
AlgorithmParameterSpec params = SignatureUtil
|
||||
.getDefaultParamSpec(alg, key);
|
||||
try {
|
||||
if (key instanceof PrivateKey) {
|
||||
SignatureUtil.initSignWithParam(s, (PrivateKey) key, params,
|
||||
null);
|
||||
} else {
|
||||
SignatureUtil.initVerifyWithParam(s, (PublicKey) key, params);
|
||||
}
|
||||
SignatureUtil.initSignWithParam(s, key, params, null);
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
throw new AssertionError("Should not happen", e);
|
||||
}
|
||||
|
@ -312,7 +312,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
|
||||
*
|
||||
* @return DER encoded parameters, or null not present.
|
||||
*/
|
||||
public byte[] getEncodedParams() throws IOException {
|
||||
public byte[] getEncodedParams() {
|
||||
return (encodedParams == null ||
|
||||
algid.toString().equals(KnownOIDs.SpecifiedSHA2withECDSA.value()))
|
||||
? null
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -820,13 +820,7 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
|
||||
* null if no parameters are present.
|
||||
*/
|
||||
public byte[] getSigAlgParams() {
|
||||
if (sigAlgId == null)
|
||||
return null;
|
||||
try {
|
||||
return sigAlgId.getEncodedParams();
|
||||
} catch (IOException e) {
|
||||
return null;
|
||||
}
|
||||
return sigAlgId == null ? null : sigAlgId.getEncodedParams();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1030,13 +1030,7 @@ public class X509CertImpl extends X509Certificate implements DerEncoder {
|
||||
* null if no parameters are present.
|
||||
*/
|
||||
public byte[] getSigAlgParams() {
|
||||
if (algId == null)
|
||||
return null;
|
||||
try {
|
||||
return algId.getEncodedParams();
|
||||
} catch (IOException e) {
|
||||
return null;
|
||||
}
|
||||
return algId == null ? null : algId.getEncodedParams();
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,6 +38,7 @@ import java.math.BigInteger;
|
||||
import sun.security.util.DerOutputStream;
|
||||
import sun.security.util.DerValue;
|
||||
import sun.security.util.ObjectIdentifier;
|
||||
import sun.security.util.SignatureUtil;
|
||||
import sun.security.x509.AccessDescription;
|
||||
import sun.security.x509.AlgorithmId;
|
||||
import sun.security.x509.AuthorityInfoAccessExtension;
|
||||
@ -364,8 +365,7 @@ public class CertificateBuilder {
|
||||
throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||
// TODO: add some basic checks (key usage, basic constraints maybe)
|
||||
|
||||
AlgorithmId signAlg = AlgorithmId.get(algName);
|
||||
byte[] encodedCert = encodeTopLevel(issuerCert, issuerKey, signAlg);
|
||||
byte[] encodedCert = encodeTopLevel(issuerCert, issuerKey, algName);
|
||||
ByteArrayInputStream bais = new ByteArrayInputStream(encodedCert);
|
||||
return (X509Certificate)factory.generateCertificate(bais);
|
||||
}
|
||||
@ -392,18 +392,24 @@ public class CertificateBuilder {
|
||||
* @throws IOException if an encoding error occurs.
|
||||
*/
|
||||
private byte[] encodeTopLevel(X509Certificate issuerCert,
|
||||
PrivateKey issuerKey, AlgorithmId signAlg)
|
||||
throws CertificateException, IOException {
|
||||
PrivateKey issuerKey, String algName)
|
||||
throws CertificateException, IOException, NoSuchAlgorithmException {
|
||||
|
||||
AlgorithmId signAlg = AlgorithmId.get(algName);
|
||||
DerOutputStream outerSeq = new DerOutputStream();
|
||||
DerOutputStream topLevelItems = new DerOutputStream();
|
||||
|
||||
tbsCertBytes = encodeTbsCert(issuerCert, signAlg);
|
||||
topLevelItems.write(tbsCertBytes);
|
||||
try {
|
||||
signatureBytes = signCert(issuerKey, signAlg);
|
||||
Signature sig = SignatureUtil.fromKey(signAlg.getName(), issuerKey, (Provider)null);
|
||||
// Rewrite signAlg, RSASSA-PSS needs some parameters.
|
||||
signAlg = SignatureUtil.fromSignature(sig, issuerKey);
|
||||
tbsCertBytes = encodeTbsCert(issuerCert, signAlg);
|
||||
sig.update(tbsCertBytes);
|
||||
signatureBytes = sig.sign();
|
||||
} catch (GeneralSecurityException ge) {
|
||||
throw new CertificateException(ge);
|
||||
}
|
||||
topLevelItems.write(tbsCertBytes);
|
||||
signAlg.derEncode(topLevelItems);
|
||||
topLevelItems.putBitString(signatureBytes);
|
||||
outerSeq.write(DerValue.tag_Sequence, topLevelItems);
|
||||
@ -518,22 +524,4 @@ public class CertificateBuilder {
|
||||
(byte)3), extSequence);
|
||||
}
|
||||
|
||||
/**
|
||||
* Digitally sign the X.509 certificate.
|
||||
*
|
||||
* @param issuerKey The private key of the issuing authority
|
||||
* @param signAlg The signature algorithm object
|
||||
*
|
||||
* @return The digital signature bytes.
|
||||
*
|
||||
* @throws GeneralSecurityException If any errors occur during the
|
||||
* digital signature process.
|
||||
*/
|
||||
private byte[] signCert(PrivateKey issuerKey, AlgorithmId signAlg)
|
||||
throws GeneralSecurityException {
|
||||
Signature sig = Signature.getInstance(signAlg.getName());
|
||||
sig.initSign(issuerKey);
|
||||
sig.update(tbsCertBytes);
|
||||
return sig.sign();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -174,8 +174,7 @@ public class SimpleOCSPServer {
|
||||
issuerAlias + " not found");
|
||||
}
|
||||
}
|
||||
|
||||
sigAlgId = AlgorithmId.get("Sha256withRSA");
|
||||
sigAlgId = AlgorithmId.get(SignatureUtil.getDefaultSigAlgForKey(signerKey));
|
||||
respId = new ResponderId(signerCert.getSubjectX500Principal());
|
||||
listenAddress = addr;
|
||||
listenPort = port;
|
||||
@ -1348,13 +1347,14 @@ public class SimpleOCSPServer {
|
||||
basicORItemStream.write(tbsResponseBytes);
|
||||
|
||||
try {
|
||||
sigAlgId.derEncode(basicORItemStream);
|
||||
|
||||
// Create the signature
|
||||
Signature sig = Signature.getInstance(sigAlgId.getName());
|
||||
sig.initSign(signerKey);
|
||||
Signature sig = SignatureUtil.fromKey(
|
||||
sigAlgId.getName(), signerKey, (Provider)null);
|
||||
sig.update(tbsResponseBytes);
|
||||
signature = sig.sign();
|
||||
// Rewrite signAlg, RSASSA-PSS needs some parameters.
|
||||
sigAlgId = SignatureUtil.fromSignature(sig, signerKey);
|
||||
sigAlgId.derEncode(basicORItemStream);
|
||||
basicORItemStream.putBitString(signature);
|
||||
} catch (GeneralSecurityException exc) {
|
||||
err(exc);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,7 +30,8 @@
|
||||
* @summary OCSP Stapling for TLS
|
||||
* @library ../../../../java/security/testlibrary
|
||||
* @build CertificateBuilder SimpleOCSPServer
|
||||
* @run main/othervm HttpsUrlConnClient
|
||||
* @run main/othervm HttpsUrlConnClient RSA SHA256withRSA
|
||||
* @run main/othervm HttpsUrlConnClient RSASSA-PSS RSASSA-PSS
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
@ -60,7 +61,6 @@ import java.util.concurrent.TimeUnit;
|
||||
|
||||
import sun.security.testlibrary.SimpleOCSPServer;
|
||||
import sun.security.testlibrary.CertificateBuilder;
|
||||
import sun.security.validator.ValidatorException;
|
||||
|
||||
public class HttpsUrlConnClient {
|
||||
|
||||
@ -73,6 +73,9 @@ public class HttpsUrlConnClient {
|
||||
static final byte[] LINESEP = { 10 };
|
||||
static final Base64.Encoder B64E = Base64.getMimeEncoder(64, LINESEP);
|
||||
|
||||
static String SIGALG;
|
||||
static String KEYALG;
|
||||
|
||||
// Turn on TLS debugging
|
||||
static boolean debug = true;
|
||||
|
||||
@ -137,6 +140,9 @@ public class HttpsUrlConnClient {
|
||||
System.setProperty("javax.net.ssl.trustStore", "");
|
||||
System.setProperty("javax.net.ssl.trustStorePassword", "");
|
||||
|
||||
KEYALG = args[0];
|
||||
SIGALG = args[1];
|
||||
|
||||
// Create the PKI we will use for the test and start the OCSP servers
|
||||
createPKI();
|
||||
utcDateFmt.setTimeZone(TimeZone.getTimeZone("GMT"));
|
||||
@ -514,7 +520,7 @@ public class HttpsUrlConnClient {
|
||||
*/
|
||||
private static void createPKI() throws Exception {
|
||||
CertificateBuilder cbld = new CertificateBuilder();
|
||||
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
|
||||
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(KEYALG);
|
||||
keyGen.initialize(2048);
|
||||
KeyStore.Builder keyStoreBuilder =
|
||||
KeyStore.Builder.newInstance("PKCS12", null,
|
||||
@ -540,7 +546,7 @@ public class HttpsUrlConnClient {
|
||||
addCommonCAExts(cbld);
|
||||
// Make our Root CA Cert!
|
||||
X509Certificate rootCert = cbld.build(null, rootCaKP.getPrivate(),
|
||||
"SHA256withRSA");
|
||||
SIGALG);
|
||||
log("Root CA Created:\n" + certInfo(rootCert));
|
||||
|
||||
// Now build a keystore and add the keys and cert
|
||||
@ -582,7 +588,7 @@ public class HttpsUrlConnClient {
|
||||
cbld.addAIAExt(Collections.singletonList(rootRespURI));
|
||||
// Make our Intermediate CA Cert!
|
||||
X509Certificate intCaCert = cbld.build(rootCert, rootCaKP.getPrivate(),
|
||||
"SHA256withRSA");
|
||||
SIGALG);
|
||||
log("Intermediate CA Created:\n" + certInfo(intCaCert));
|
||||
|
||||
// Provide intermediate CA cert revocation info to the Root CA
|
||||
@ -644,7 +650,7 @@ public class HttpsUrlConnClient {
|
||||
cbld.addAIAExt(Collections.singletonList(intCaRespURI));
|
||||
// Make our SSL Server Cert!
|
||||
X509Certificate sslCert = cbld.build(intCaCert, intCaKP.getPrivate(),
|
||||
"SHA256withRSA");
|
||||
SIGALG);
|
||||
log("SSL Certificate Created:\n" + certInfo(sslCert));
|
||||
|
||||
// Provide SSL server cert revocation info to the Intermeidate CA
|
||||
|
Loading…
x
Reference in New Issue
Block a user