author | ascarpino |
Wed, 08 Feb 2017 12:08:28 -0800 | |
changeset 43701 | fe8c324ba97c |
parent 41580 | cc479488428c |
child 43986 | 717c0cbb60fd |
permissions | -rw-r--r-- |
2 | 1 |
/* |
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
2 |
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.util; |
|
27 |
||
41580 | 28 |
import java.io.ByteArrayInputStream; |
29 |
import java.io.IOException; |
|
30 |
import java.security.CodeSigner; |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
31 |
import java.security.GeneralSecurityException; |
41580 | 32 |
import java.security.MessageDigest; |
33 |
import java.security.NoSuchAlgorithmException; |
|
34 |
import java.security.SignatureException; |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
35 |
import java.security.Timestamp; |
2 | 36 |
import java.security.cert.CertPath; |
37 |
import java.security.cert.X509Certificate; |
|
38 |
import java.security.cert.CertificateException; |
|
39 |
import java.security.cert.CertificateFactory; |
|
41580 | 40 |
import java.util.ArrayList; |
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
41 |
import java.util.Base64; |
41580 | 42 |
import java.util.HashMap; |
43 |
import java.util.Hashtable; |
|
44 |
import java.util.Iterator; |
|
45 |
import java.util.List; |
|
46 |
import java.util.Locale; |
|
47 |
import java.util.Map; |
|
48 |
import java.util.jar.Attributes; |
|
49 |
import java.util.jar.JarException; |
|
50 |
import java.util.jar.JarFile; |
|
51 |
import java.util.jar.Manifest; |
|
2 | 52 |
|
53 |
import sun.security.jca.Providers; |
|
41580 | 54 |
import sun.security.pkcs.PKCS7; |
55 |
import sun.security.pkcs.SignerInfo; |
|
2 | 56 |
|
57 |
public class SignatureFileVerifier { |
|
58 |
||
59 |
/* Are we debugging ? */ |
|
60 |
private static final Debug debug = Debug.getInstance("jar"); |
|
61 |
||
41580 | 62 |
private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK = |
63 |
new DisabledAlgorithmConstraints( |
|
64 |
DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS); |
|
65 |
||
2 | 66 |
private ArrayList<CodeSigner[]> signerCache; |
67 |
||
68 |
private static final String ATTR_DIGEST = |
|
69 |
("-DIGEST-" + ManifestDigester.MF_MAIN_ATTRS).toUpperCase |
|
70 |
(Locale.ENGLISH); |
|
71 |
||
4152 | 72 |
/** the PKCS7 block for this .DSA/.RSA/.EC file */ |
2 | 73 |
private PKCS7 block; |
74 |
||
9365 | 75 |
/** the raw bytes of the .SF file */ |
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30374
diff
changeset
|
76 |
private byte[] sfBytes; |
2 | 77 |
|
78 |
/** the name of the signature block file, uppercased and without |
|
4152 | 79 |
* the extension (.DSA/.RSA/.EC) |
2 | 80 |
*/ |
81 |
private String name; |
|
82 |
||
83 |
/** the ManifestDigester */ |
|
84 |
private ManifestDigester md; |
|
85 |
||
86 |
/** cache of created MessageDigest objects */ |
|
87 |
private HashMap<String, MessageDigest> createdDigests; |
|
88 |
||
89 |
/* workaround for parsing Netscape jars */ |
|
90 |
private boolean workaround = false; |
|
91 |
||
92 |
/* for generating certpath objects */ |
|
93 |
private CertificateFactory certificateFactory = null; |
|
94 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
95 |
/** Algorithms that have been checked if they are weak. */ |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
96 |
private Map<String, Boolean> permittedAlgs= new HashMap<>(); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
97 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
98 |
/** TSA timestamp of signed jar. The newest timestamp is used. If there |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
99 |
* was no TSA timestamp used when signed, current time is used ("null"). |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
100 |
*/ |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
101 |
private Timestamp timestamp = null; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
102 |
|
2 | 103 |
/** |
104 |
* Create the named SignatureFileVerifier. |
|
105 |
* |
|
4152 | 106 |
* @param name the name of the signature block file (.DSA/.RSA/.EC) |
2 | 107 |
* |
108 |
* @param rawBytes the raw bytes of the signature block file |
|
109 |
*/ |
|
110 |
public SignatureFileVerifier(ArrayList<CodeSigner[]> signerCache, |
|
111 |
ManifestDigester md, |
|
112 |
String name, |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30374
diff
changeset
|
113 |
byte[] rawBytes) |
2 | 114 |
throws IOException, CertificateException |
115 |
{ |
|
116 |
// new PKCS7() calls CertificateFactory.getInstance() |
|
117 |
// need to use local providers here, see Providers class |
|
118 |
Object obj = null; |
|
119 |
try { |
|
120 |
obj = Providers.startJarVerification(); |
|
121 |
block = new PKCS7(rawBytes); |
|
9365 | 122 |
sfBytes = block.getContentInfo().getData(); |
2 | 123 |
certificateFactory = CertificateFactory.getInstance("X509"); |
124 |
} finally { |
|
125 |
Providers.stopJarVerification(obj); |
|
126 |
} |
|
24685
215fa91e1b4c
8044461: Cleanup new Boolean and single character strings
rriggs
parents:
23912
diff
changeset
|
127 |
this.name = name.substring(0, name.lastIndexOf('.')) |
2 | 128 |
.toUpperCase(Locale.ENGLISH); |
129 |
this.md = md; |
|
130 |
this.signerCache = signerCache; |
|
131 |
} |
|
132 |
||
133 |
/** |
|
134 |
* returns true if we need the .SF file |
|
135 |
*/ |
|
9365 | 136 |
public boolean needSignatureFileBytes() |
2 | 137 |
{ |
9365 | 138 |
|
139 |
return sfBytes == null; |
|
2 | 140 |
} |
141 |
||
9365 | 142 |
|
143 |
/** |
|
144 |
* returns true if we need this .SF file. |
|
145 |
* |
|
146 |
* @param name the name of the .SF file without the extension |
|
147 |
* |
|
148 |
*/ |
|
149 |
public boolean needSignatureFile(String name) |
|
150 |
{ |
|
151 |
return this.name.equalsIgnoreCase(name); |
|
152 |
} |
|
153 |
||
154 |
/** |
|
155 |
* used to set the raw bytes of the .SF file when it |
|
156 |
* is external to the signature block file. |
|
157 |
*/ |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30374
diff
changeset
|
158 |
public void setSignatureFile(byte[] sfBytes) |
9365 | 159 |
{ |
160 |
this.sfBytes = sfBytes; |
|
2 | 161 |
} |
162 |
||
163 |
/** |
|
164 |
* Utility method used by JarVerifier and JarSigner |
|
165 |
* to determine the signature file names and PKCS7 block |
|
166 |
* files names that are supported |
|
167 |
* |
|
168 |
* @param s file name |
|
169 |
* @return true if the input file name is a supported |
|
170 |
* Signature File or PKCS7 block file name |
|
171 |
*/ |
|
172 |
public static boolean isBlockOrSF(String s) { |
|
9365 | 173 |
// we currently only support DSA and RSA PKCS7 blocks |
38375 | 174 |
return s.endsWith(".SF") |
175 |
|| s.endsWith(".DSA") |
|
176 |
|| s.endsWith(".RSA") |
|
177 |
|| s.endsWith(".EC"); |
|
2 | 178 |
} |
179 |
||
23912 | 180 |
/** |
181 |
* Yet another utility method used by JarVerifier and JarSigner |
|
182 |
* to determine what files are signature related, which includes |
|
183 |
* the MANIFEST, SF files, known signature block files, and other |
|
184 |
* unknown signature related files (those starting with SIG- with |
|
185 |
* an optional [A-Z0-9]{1,3} extension right inside META-INF). |
|
186 |
* |
|
30374 | 187 |
* @param name file name |
23912 | 188 |
* @return true if the input file name is signature related |
189 |
*/ |
|
190 |
public static boolean isSigningRelated(String name) { |
|
191 |
name = name.toUpperCase(Locale.ENGLISH); |
|
192 |
if (!name.startsWith("META-INF/")) { |
|
193 |
return false; |
|
194 |
} |
|
195 |
name = name.substring(9); |
|
196 |
if (name.indexOf('/') != -1) { |
|
197 |
return false; |
|
198 |
} |
|
199 |
if (isBlockOrSF(name) || name.equals("MANIFEST.MF")) { |
|
200 |
return true; |
|
201 |
} else if (name.startsWith("SIG-")) { |
|
202 |
// check filename extension |
|
203 |
// see http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Digital_Signatures |
|
204 |
// for what filename extensions are legal |
|
205 |
int extIndex = name.lastIndexOf('.'); |
|
206 |
if (extIndex != -1) { |
|
207 |
String ext = name.substring(extIndex + 1); |
|
208 |
// validate length first |
|
209 |
if (ext.length() > 3 || ext.length() < 1) { |
|
210 |
return false; |
|
211 |
} |
|
212 |
// then check chars, must be in [a-zA-Z0-9] per the jar spec |
|
213 |
for (int index = 0; index < ext.length(); index++) { |
|
214 |
char cc = ext.charAt(index); |
|
215 |
// chars are promoted to uppercase so skip lowercase checks |
|
216 |
if ((cc < 'A' || cc > 'Z') && (cc < '0' || cc > '9')) { |
|
217 |
return false; |
|
218 |
} |
|
219 |
} |
|
220 |
} |
|
221 |
return true; // no extension is OK |
|
222 |
} |
|
223 |
return false; |
|
224 |
} |
|
225 |
||
2 | 226 |
/** get digest from cache */ |
227 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
228 |
private MessageDigest getDigest(String algorithm) |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
229 |
throws SignatureException { |
2 | 230 |
if (createdDigests == null) |
30033
b9c86c17164a
8078468: Update security libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
231 |
createdDigests = new HashMap<>(); |
2 | 232 |
|
233 |
MessageDigest digest = createdDigests.get(algorithm); |
|
234 |
||
235 |
if (digest == null) { |
|
236 |
try { |
|
237 |
digest = MessageDigest.getInstance(algorithm); |
|
238 |
createdDigests.put(algorithm, digest); |
|
239 |
} catch (NoSuchAlgorithmException nsae) { |
|
240 |
// ignore |
|
241 |
} |
|
242 |
} |
|
243 |
return digest; |
|
244 |
} |
|
245 |
||
246 |
/** |
|
247 |
* process the signature block file. Goes through the .SF file |
|
248 |
* and adds code signers for each section where the .SF section |
|
249 |
* hash was verified against the Manifest section. |
|
250 |
* |
|
251 |
* |
|
252 |
*/ |
|
9365 | 253 |
public void process(Hashtable<String, CodeSigner[]> signers, |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9365
diff
changeset
|
254 |
List<Object> manifestDigests) |
2 | 255 |
throws IOException, SignatureException, NoSuchAlgorithmException, |
256 |
JarException, CertificateException |
|
257 |
{ |
|
258 |
// calls Signature.getInstance() and MessageDigest.getInstance() |
|
259 |
// need to use local providers here, see Providers class |
|
260 |
Object obj = null; |
|
261 |
try { |
|
262 |
obj = Providers.startJarVerification(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
7524
diff
changeset
|
263 |
processImpl(signers, manifestDigests); |
2 | 264 |
} finally { |
265 |
Providers.stopJarVerification(obj); |
|
266 |
} |
|
267 |
||
268 |
} |
|
269 |
||
9365 | 270 |
private void processImpl(Hashtable<String, CodeSigner[]> signers, |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9365
diff
changeset
|
271 |
List<Object> manifestDigests) |
2 | 272 |
throws IOException, SignatureException, NoSuchAlgorithmException, |
273 |
JarException, CertificateException |
|
274 |
{ |
|
9365 | 275 |
Manifest sf = new Manifest(); |
276 |
sf.read(new ByteArrayInputStream(sfBytes)); |
|
2 | 277 |
|
9365 | 278 |
String version = |
279 |
sf.getMainAttributes().getValue(Attributes.Name.SIGNATURE_VERSION); |
|
2 | 280 |
|
9365 | 281 |
if ((version == null) || !(version.equalsIgnoreCase("1.0"))) { |
282 |
// XXX: should this be an exception? |
|
283 |
// for now we just ignore this signature file |
|
284 |
return; |
|
2 | 285 |
} |
286 |
||
9365 | 287 |
SignerInfo[] infos = block.verify(sfBytes); |
2 | 288 |
|
9365 | 289 |
if (infos == null) { |
2 | 290 |
throw new SecurityException("cannot verify signature block file " + |
291 |
name); |
|
292 |
} |
|
293 |
||
294 |
||
295 |
CodeSigner[] newSigners = getSigners(infos, block); |
|
296 |
||
297 |
// make sure we have something to do all this work for... |
|
298 |
if (newSigners == null) |
|
299 |
return; |
|
300 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
301 |
/* |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
302 |
* Look for the latest timestamp in the signature block. If an entry |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
303 |
* has no timestamp, use current time (aka null). |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
304 |
*/ |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
305 |
for (CodeSigner s: newSigners) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
306 |
if (debug != null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
307 |
debug.println("Gathering timestamp for: " + s.toString()); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
308 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
309 |
if (s.getTimestamp() == null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
310 |
timestamp = null; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
311 |
break; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
312 |
} else if (timestamp == null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
313 |
timestamp = s.getTimestamp(); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
314 |
} else { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
315 |
if (timestamp.getTimestamp().before( |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
316 |
s.getTimestamp().getTimestamp())) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
317 |
timestamp = s.getTimestamp(); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
318 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
319 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
320 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
321 |
|
9365 | 322 |
Iterator<Map.Entry<String,Attributes>> entries = |
323 |
sf.getEntries().entrySet().iterator(); |
|
324 |
||
325 |
// see if we can verify the whole manifest first |
|
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
326 |
boolean manifestSigned = verifyManifestHash(sf, md, manifestDigests); |
9365 | 327 |
|
2 | 328 |
// verify manifest main attributes |
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
329 |
if (!manifestSigned && !verifyManifestMainAttrs(sf, md)) { |
2 | 330 |
throw new SecurityException |
331 |
("Invalid signature file digest for Manifest main attributes"); |
|
332 |
} |
|
333 |
||
9365 | 334 |
// go through each section in the signature file |
2 | 335 |
while(entries.hasNext()) { |
336 |
||
337 |
Map.Entry<String,Attributes> e = entries.next(); |
|
338 |
String name = e.getKey(); |
|
339 |
||
340 |
if (manifestSigned || |
|
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
341 |
(verifySection(e.getValue(), name, md))) { |
2 | 342 |
|
343 |
if (name.startsWith("./")) |
|
344 |
name = name.substring(2); |
|
345 |
||
346 |
if (name.startsWith("/")) |
|
347 |
name = name.substring(1); |
|
348 |
||
349 |
updateSigners(newSigners, signers, name); |
|
350 |
||
351 |
if (debug != null) { |
|
352 |
debug.println("processSignature signed name = "+name); |
|
353 |
} |
|
354 |
||
355 |
} else if (debug != null) { |
|
356 |
debug.println("processSignature unsigned name = "+name); |
|
357 |
} |
|
358 |
} |
|
7524
ec12e1e6fa20
7004035: signed jar with only META-INF/* inside is not verifiable
weijun
parents:
5506
diff
changeset
|
359 |
|
ec12e1e6fa20
7004035: signed jar with only META-INF/* inside is not verifiable
weijun
parents:
5506
diff
changeset
|
360 |
// MANIFEST.MF is always regarded as signed |
ec12e1e6fa20
7004035: signed jar with only META-INF/* inside is not verifiable
weijun
parents:
5506
diff
changeset
|
361 |
updateSigners(newSigners, signers, JarFile.MANIFEST_NAME); |
2 | 362 |
} |
363 |
||
364 |
/** |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
365 |
* Check if algorithm is permitted using the permittedAlgs Map. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
366 |
* If the algorithm is not in the map, check against disabled algorithms and |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
367 |
* store the result. If the algorithm is in the map use that result. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
368 |
* False is returned for weak algorithm, true for good algorithms. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
369 |
*/ |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
370 |
boolean permittedCheck(String key, String algorithm) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
371 |
Boolean permitted = permittedAlgs.get(algorithm); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
372 |
if (permitted == null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
373 |
try { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
374 |
JAR_DISABLED_CHECK.permits(algorithm, |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
375 |
new ConstraintsParameters(timestamp)); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
376 |
} catch(GeneralSecurityException e) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
377 |
permittedAlgs.put(algorithm, Boolean.FALSE); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
378 |
permittedAlgs.put(key.toUpperCase(), Boolean.FALSE); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
379 |
if (debug != null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
380 |
if (e.getMessage() != null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
381 |
debug.println(key + ": " + e.getMessage()); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
382 |
} else { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
383 |
debug.println(key + ": " + algorithm + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
384 |
" was disabled, no exception msg given."); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
385 |
e.printStackTrace(); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
386 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
387 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
388 |
return false; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
389 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
390 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
391 |
permittedAlgs.put(algorithm, Boolean.TRUE); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
392 |
return true; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
393 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
394 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
395 |
// Algorithm has already been checked, return the value from map. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
396 |
return permitted.booleanValue(); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
397 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
398 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
399 |
/** |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
400 |
* With a given header (*-DIGEST*), return a string that lists all the |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
401 |
* algorithms associated with the header. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
402 |
* If there are none, return "Unknown Algorithm". |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
403 |
*/ |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
404 |
String getWeakAlgorithms(String header) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
405 |
String w = ""; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
406 |
try { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
407 |
for (String key : permittedAlgs.keySet()) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
408 |
if (key.endsWith(header)) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
409 |
w += key.substring(0, key.length() - header.length()) + " "; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
410 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
411 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
412 |
} catch (RuntimeException e) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
413 |
w = "Unknown Algorithm(s). Error processing " + header + ". " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
414 |
e.getMessage(); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
415 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
416 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
417 |
// This means we have an error in finding weak algorithms, run in |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
418 |
// debug mode to see permittedAlgs map's values. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
419 |
if (w.length() == 0) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
420 |
return "Unknown Algorithm(s)"; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
421 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
422 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
423 |
return w; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
424 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
425 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
426 |
/** |
2 | 427 |
* See if the whole manifest was signed. |
428 |
*/ |
|
429 |
private boolean verifyManifestHash(Manifest sf, |
|
430 |
ManifestDigester md, |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9365
diff
changeset
|
431 |
List<Object> manifestDigests) |
41580 | 432 |
throws IOException, SignatureException |
2 | 433 |
{ |
434 |
Attributes mattr = sf.getMainAttributes(); |
|
435 |
boolean manifestSigned = false; |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
436 |
boolean weakAlgs = true; |
2 | 437 |
|
438 |
// go through all the attributes and process *-Digest-Manifest entries |
|
439 |
for (Map.Entry<Object,Object> se : mattr.entrySet()) { |
|
440 |
||
441 |
String key = se.getKey().toString(); |
|
442 |
||
443 |
if (key.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST-MANIFEST")) { |
|
444 |
// 16 is length of "-Digest-Manifest" |
|
445 |
String algorithm = key.substring(0, key.length()-16); |
|
446 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
447 |
// Check if this algorithm is permitted, skip if false. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
448 |
if (!permittedCheck(key, algorithm)) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
449 |
continue; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
450 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
451 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
452 |
// A non-weak algorithm was used, any weak algorithms found do |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
453 |
// not need to be reported. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
454 |
weakAlgs = false; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
455 |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
7524
diff
changeset
|
456 |
manifestDigests.add(key); |
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
7524
diff
changeset
|
457 |
manifestDigests.add(se.getValue()); |
2 | 458 |
MessageDigest digest = getDigest(algorithm); |
459 |
if (digest != null) { |
|
460 |
byte[] computedHash = md.manifestDigest(digest); |
|
461 |
byte[] expectedHash = |
|
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
462 |
Base64.getMimeDecoder().decode((String)se.getValue()); |
2 | 463 |
|
464 |
if (debug != null) { |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
465 |
debug.println("Signature File: Manifest digest " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
466 |
algorithm); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
467 |
debug.println( " sigfile " + toHex(expectedHash)); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
468 |
debug.println( " computed " + toHex(computedHash)); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
469 |
debug.println(); |
2 | 470 |
} |
471 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
472 |
if (MessageDigest.isEqual(computedHash, expectedHash)) { |
2 | 473 |
manifestSigned = true; |
474 |
} else { |
|
475 |
//XXX: we will continue and verify each section |
|
476 |
} |
|
477 |
} |
|
478 |
} |
|
479 |
} |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
480 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
481 |
if (debug != null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
482 |
debug.println("PermittedAlgs mapping: "); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
483 |
for (String key : permittedAlgs.keySet()) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
484 |
debug.println(key + " : " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
485 |
permittedAlgs.get(key).toString()); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
486 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
487 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
488 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
489 |
// If there were only weak algorithms used, throw an exception. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
490 |
if (weakAlgs) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
491 |
String weakAlgorithms = getWeakAlgorithms("-DIGEST-MANIFEST"); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
492 |
throw new SignatureException("Manifest hash check failed " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
493 |
"(DIGEST-MANIFEST). Disabled algorithm(s) used: " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
494 |
weakAlgorithms); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
495 |
} |
2 | 496 |
return manifestSigned; |
497 |
} |
|
498 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
499 |
private boolean verifyManifestMainAttrs(Manifest sf, ManifestDigester md) |
41580 | 500 |
throws IOException, SignatureException |
2 | 501 |
{ |
502 |
Attributes mattr = sf.getMainAttributes(); |
|
503 |
boolean attrsVerified = true; |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
504 |
boolean weakAlgs = true; |
2 | 505 |
|
506 |
// go through all the attributes and process |
|
507 |
// digest entries for the manifest main attributes |
|
508 |
for (Map.Entry<Object,Object> se : mattr.entrySet()) { |
|
509 |
String key = se.getKey().toString(); |
|
510 |
||
511 |
if (key.toUpperCase(Locale.ENGLISH).endsWith(ATTR_DIGEST)) { |
|
512 |
String algorithm = |
|
513 |
key.substring(0, key.length() - ATTR_DIGEST.length()); |
|
514 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
515 |
// Check if this algorithm is permitted, skip if false. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
516 |
if (!permittedCheck(key, algorithm)) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
517 |
continue; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
518 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
519 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
520 |
// A non-weak algorithm was used, any weak algorithms found do |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
521 |
// not need to be reported. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
522 |
weakAlgs = false; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
523 |
|
2 | 524 |
MessageDigest digest = getDigest(algorithm); |
525 |
if (digest != null) { |
|
526 |
ManifestDigester.Entry mde = |
|
527 |
md.get(ManifestDigester.MF_MAIN_ATTRS, false); |
|
528 |
byte[] computedHash = mde.digest(digest); |
|
529 |
byte[] expectedHash = |
|
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
530 |
Base64.getMimeDecoder().decode((String)se.getValue()); |
2 | 531 |
|
532 |
if (debug != null) { |
|
533 |
debug.println("Signature File: " + |
|
534 |
"Manifest Main Attributes digest " + |
|
535 |
digest.getAlgorithm()); |
|
536 |
debug.println( " sigfile " + toHex(expectedHash)); |
|
537 |
debug.println( " computed " + toHex(computedHash)); |
|
538 |
debug.println(); |
|
539 |
} |
|
540 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
541 |
if (MessageDigest.isEqual(computedHash, expectedHash)) { |
2 | 542 |
// good |
543 |
} else { |
|
544 |
// we will *not* continue and verify each section |
|
545 |
attrsVerified = false; |
|
546 |
if (debug != null) { |
|
547 |
debug.println("Verification of " + |
|
548 |
"Manifest main attributes failed"); |
|
549 |
debug.println(); |
|
550 |
} |
|
551 |
break; |
|
552 |
} |
|
553 |
} |
|
554 |
} |
|
555 |
} |
|
556 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
557 |
if (debug != null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
558 |
debug.println("PermittedAlgs mapping: "); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
559 |
for (String key : permittedAlgs.keySet()) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
560 |
debug.println(key + " : " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
561 |
permittedAlgs.get(key).toString()); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
562 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
563 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
564 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
565 |
// If there were only weak algorithms used, throw an exception. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
566 |
if (weakAlgs) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
567 |
String weakAlgorithms = getWeakAlgorithms("-DIGEST-" + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
568 |
ManifestDigester.MF_MAIN_ATTRS); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
569 |
throw new SignatureException("Manifest Main Attribute check " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
570 |
"failed (DIGEST-" + ManifestDigester.MF_MAIN_ATTRS + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
571 |
"). " + "Disabled algorithm(s) used: " + weakAlgorithms); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
572 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
573 |
|
2 | 574 |
// this method returns 'true' if either: |
575 |
// . manifest main attributes were not signed, or |
|
576 |
// . manifest main attributes were signed and verified |
|
577 |
return attrsVerified; |
|
578 |
} |
|
579 |
||
580 |
/** |
|
581 |
* given the .SF digest header, and the data from the |
|
582 |
* section in the manifest, see if the hashes match. |
|
583 |
* if not, throw a SecurityException. |
|
584 |
* |
|
585 |
* @return true if all the -Digest headers verified |
|
586 |
* @exception SecurityException if the hash was not equal |
|
587 |
*/ |
|
588 |
||
589 |
private boolean verifySection(Attributes sfAttr, |
|
590 |
String name, |
|
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
591 |
ManifestDigester md) |
41580 | 592 |
throws IOException, SignatureException |
2 | 593 |
{ |
594 |
boolean oneDigestVerified = false; |
|
595 |
ManifestDigester.Entry mde = md.get(name,block.isOldStyle()); |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
596 |
boolean weakAlgs = true; |
2 | 597 |
|
598 |
if (mde == null) { |
|
599 |
throw new SecurityException( |
|
41580 | 600 |
"no manifest section for signature file entry "+name); |
2 | 601 |
} |
602 |
||
603 |
if (sfAttr != null) { |
|
34687
d302ed125dc9
8144995: Move sun.misc.HexDumpEncoder to sun.security.util
chegar
parents:
31538
diff
changeset
|
604 |
//sun.security.util.HexDumpEncoder hex = new sun.security.util.HexDumpEncoder(); |
2 | 605 |
//hex.encodeBuffer(data, System.out); |
606 |
||
607 |
// go through all the attributes and process *-Digest entries |
|
608 |
for (Map.Entry<Object,Object> se : sfAttr.entrySet()) { |
|
609 |
String key = se.getKey().toString(); |
|
610 |
||
611 |
if (key.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) { |
|
612 |
// 7 is length of "-Digest" |
|
613 |
String algorithm = key.substring(0, key.length()-7); |
|
614 |
||
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
615 |
// Check if this algorithm is permitted, skip if false. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
616 |
if (!permittedCheck(key, algorithm)) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
617 |
continue; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
618 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
619 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
620 |
// A non-weak algorithm was used, any weak algorithms found do |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
621 |
// not need to be reported. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
622 |
weakAlgs = false; |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
623 |
|
2 | 624 |
MessageDigest digest = getDigest(algorithm); |
625 |
||
626 |
if (digest != null) { |
|
627 |
boolean ok = false; |
|
628 |
||
629 |
byte[] expected = |
|
16020
b57c48f16179
8006182: cleanup to use java.util.Base64 in java security component, providers, and regression tests
msheppar
parents:
10788
diff
changeset
|
630 |
Base64.getMimeDecoder().decode((String)se.getValue()); |
2 | 631 |
byte[] computed; |
632 |
if (workaround) { |
|
633 |
computed = mde.digestWorkaround(digest); |
|
634 |
} else { |
|
635 |
computed = mde.digest(digest); |
|
636 |
} |
|
637 |
||
638 |
if (debug != null) { |
|
639 |
debug.println("Signature Block File: " + |
|
640 |
name + " digest=" + digest.getAlgorithm()); |
|
641 |
debug.println(" expected " + toHex(expected)); |
|
642 |
debug.println(" computed " + toHex(computed)); |
|
643 |
debug.println(); |
|
644 |
} |
|
645 |
||
646 |
if (MessageDigest.isEqual(computed, expected)) { |
|
647 |
oneDigestVerified = true; |
|
648 |
ok = true; |
|
649 |
} else { |
|
650 |
// attempt to fallback to the workaround |
|
651 |
if (!workaround) { |
|
652 |
computed = mde.digestWorkaround(digest); |
|
653 |
if (MessageDigest.isEqual(computed, expected)) { |
|
654 |
if (debug != null) { |
|
655 |
debug.println(" re-computed " + toHex(computed)); |
|
656 |
debug.println(); |
|
657 |
} |
|
658 |
workaround = true; |
|
659 |
oneDigestVerified = true; |
|
660 |
ok = true; |
|
661 |
} |
|
662 |
} |
|
663 |
} |
|
664 |
if (!ok){ |
|
665 |
throw new SecurityException("invalid " + |
|
666 |
digest.getAlgorithm() + |
|
667 |
" signature file digest for " + name); |
|
668 |
} |
|
669 |
} |
|
670 |
} |
|
671 |
} |
|
672 |
} |
|
43701
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
673 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
674 |
if (debug != null) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
675 |
debug.println("PermittedAlgs mapping: "); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
676 |
for (String key : permittedAlgs.keySet()) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
677 |
debug.println(key + " : " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
678 |
permittedAlgs.get(key).toString()); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
679 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
680 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
681 |
|
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
682 |
// If there were only weak algorithms used, throw an exception. |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
683 |
if (weakAlgs) { |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
684 |
String weakAlgorithms = getWeakAlgorithms("DIGEST"); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
685 |
throw new SignatureException("Manifest Main Attribute check " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
686 |
"failed (DIGEST). " + "Disabled algorithm(s) used: " + |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
687 |
weakAlgorithms); |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
688 |
} |
fe8c324ba97c
8160655: Fix denyAfter and usage types for security properties
ascarpino
parents:
41580
diff
changeset
|
689 |
|
2 | 690 |
return oneDigestVerified; |
691 |
} |
|
692 |
||
693 |
/** |
|
694 |
* Given the PKCS7 block and SignerInfo[], create an array of |
|
695 |
* CodeSigner objects. We do this only *once* for a given |
|
696 |
* signature block file. |
|
697 |
*/ |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
30374
diff
changeset
|
698 |
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block) |
2 | 699 |
throws IOException, NoSuchAlgorithmException, SignatureException, |
700 |
CertificateException { |
|
701 |
||
702 |
ArrayList<CodeSigner> signers = null; |
|
703 |
||
704 |
for (int i = 0; i < infos.length; i++) { |
|
705 |
||
706 |
SignerInfo info = infos[i]; |
|
707 |
ArrayList<X509Certificate> chain = info.getCertificateChain(block); |
|
708 |
CertPath certChain = certificateFactory.generateCertPath(chain); |
|
709 |
if (signers == null) { |
|
30033
b9c86c17164a
8078468: Update security libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
710 |
signers = new ArrayList<>(); |
2 | 711 |
} |
712 |
// Append the new code signer |
|
10788
680a3dbfcaba
7102686: Restructure timestamp code so that jars and modules can more easily share the same code
mullan
parents:
10336
diff
changeset
|
713 |
signers.add(new CodeSigner(certChain, info.getTimestamp())); |
2 | 714 |
|
715 |
if (debug != null) { |
|
716 |
debug.println("Signature Block Certificate: " + |
|
717 |
chain.get(0)); |
|
718 |
} |
|
719 |
} |
|
720 |
||
721 |
if (signers != null) { |
|
722 |
return signers.toArray(new CodeSigner[signers.size()]); |
|
723 |
} else { |
|
724 |
return null; |
|
725 |
} |
|
726 |
} |
|
727 |
||
728 |
// for the toHex function |
|
729 |
private static final char[] hexc = |
|
730 |
{'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; |
|
731 |
/** |
|
732 |
* convert a byte array to a hex string for debugging purposes |
|
733 |
* @param data the binary data to be converted to a hex string |
|
734 |
* @return an ASCII hex string |
|
735 |
*/ |
|
736 |
||
737 |
static String toHex(byte[] data) { |
|
738 |
||
24969
afa6934dd8e8
8041679: Replace uses of StringBuffer with StringBuilder within core library classes
psandoz
parents:
24685
diff
changeset
|
739 |
StringBuilder sb = new StringBuilder(data.length*2); |
2 | 740 |
|
741 |
for (int i=0; i<data.length; i++) { |
|
742 |
sb.append(hexc[(data[i] >>4) & 0x0f]); |
|
743 |
sb.append(hexc[data[i] & 0x0f]); |
|
744 |
} |
|
745 |
return sb.toString(); |
|
746 |
} |
|
747 |
||
748 |
// returns true if set contains signer |
|
749 |
static boolean contains(CodeSigner[] set, CodeSigner signer) |
|
750 |
{ |
|
751 |
for (int i = 0; i < set.length; i++) { |
|
752 |
if (set[i].equals(signer)) |
|
753 |
return true; |
|
754 |
} |
|
755 |
return false; |
|
756 |
} |
|
757 |
||
758 |
// returns true if subset is a subset of set |
|
759 |
static boolean isSubSet(CodeSigner[] subset, CodeSigner[] set) |
|
760 |
{ |
|
761 |
// check for the same object |
|
762 |
if (set == subset) |
|
763 |
return true; |
|
764 |
||
9365 | 765 |
boolean match; |
2 | 766 |
for (int i = 0; i < subset.length; i++) { |
767 |
if (!contains(set, subset[i])) |
|
768 |
return false; |
|
769 |
} |
|
770 |
return true; |
|
771 |
} |
|
772 |
||
773 |
/** |
|
774 |
* returns true if signer contains exactly the same code signers as |
|
775 |
* oldSigner and newSigner, false otherwise. oldSigner |
|
776 |
* is allowed to be null. |
|
777 |
*/ |
|
778 |
static boolean matches(CodeSigner[] signers, CodeSigner[] oldSigners, |
|
779 |
CodeSigner[] newSigners) { |
|
780 |
||
781 |
// special case |
|
782 |
if ((oldSigners == null) && (signers == newSigners)) |
|
783 |
return true; |
|
784 |
||
9365 | 785 |
boolean match; |
786 |
||
2 | 787 |
// make sure all oldSigners are in signers |
788 |
if ((oldSigners != null) && !isSubSet(oldSigners, signers)) |
|
789 |
return false; |
|
790 |
||
791 |
// make sure all newSigners are in signers |
|
792 |
if (!isSubSet(newSigners, signers)) { |
|
793 |
return false; |
|
794 |
} |
|
795 |
||
796 |
// now make sure all the code signers in signers are |
|
797 |
// also in oldSigners or newSigners |
|
798 |
||
799 |
for (int i = 0; i < signers.length; i++) { |
|
800 |
boolean found = |
|
801 |
((oldSigners != null) && contains(oldSigners, signers[i])) || |
|
802 |
contains(newSigners, signers[i]); |
|
803 |
if (!found) |
|
804 |
return false; |
|
805 |
} |
|
806 |
return true; |
|
807 |
} |
|
808 |
||
809 |
void updateSigners(CodeSigner[] newSigners, |
|
9365 | 810 |
Hashtable<String, CodeSigner[]> signers, String name) { |
2 | 811 |
|
812 |
CodeSigner[] oldSigners = signers.get(name); |
|
813 |
||
814 |
// search through the cache for a match, go in reverse order |
|
815 |
// as we are more likely to find a match with the last one |
|
816 |
// added to the cache |
|
817 |
||
818 |
CodeSigner[] cachedSigners; |
|
819 |
for (int i = signerCache.size() - 1; i != -1; i--) { |
|
820 |
cachedSigners = signerCache.get(i); |
|
821 |
if (matches(cachedSigners, oldSigners, newSigners)) { |
|
822 |
signers.put(name, cachedSigners); |
|
823 |
return; |
|
824 |
} |
|
825 |
} |
|
826 |
||
827 |
if (oldSigners == null) { |
|
828 |
cachedSigners = newSigners; |
|
829 |
} else { |
|
830 |
cachedSigners = |
|
831 |
new CodeSigner[oldSigners.length + newSigners.length]; |
|
832 |
System.arraycopy(oldSigners, 0, cachedSigners, 0, |
|
833 |
oldSigners.length); |
|
834 |
System.arraycopy(newSigners, 0, cachedSigners, oldSigners.length, |
|
835 |
newSigners.length); |
|
836 |
} |
|
837 |
signerCache.add(cachedSigners); |
|
838 |
signers.put(name, cachedSigners); |
|
839 |
} |
|
840 |
} |