--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/TimestampCheck.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,608 @@
+/*
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import com.sun.net.httpserver.*;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+import java.net.InetSocketAddress;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.List;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+
+import jdk.test.lib.SecurityTools;
+import jdk.testlibrary.*;
+import jdk.test.lib.util.JarUtils;
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import sun.security.pkcs.PKCS9Attribute;
+import sun.security.pkcs.SignerInfo;
+import sun.security.timestamp.TimestampToken;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+import sun.security.util.ObjectIdentifier;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X500Name;
+
+/*
+ * @test
+ * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911
+ * @summary checking response of timestamp
+ * @modules java.base/sun.security.pkcs
+ * java.base/sun.security.timestamp
+ * java.base/sun.security.x509
+ * java.base/sun.security.util
+ * java.base/sun.security.tools.keytool
+ * @library /lib/testlibrary
+ * @library /test/lib
+ * @build jdk.test.lib.util.JarUtils
+ * jdk.test.lib.SecurityTools
+ * jdk.test.lib.Utils
+ * jdk.test.lib.Asserts
+ * jdk.test.lib.JDKToolFinder
+ * jdk.test.lib.JDKToolLauncher
+ * jdk.test.lib.Platform
+ * jdk.test.lib.process.*
+ * @run main/timeout=600 TimestampCheck
+ */
+public class TimestampCheck {
+
+ static final String defaultPolicyId = "2.3.4";
+ static String host = null;
+
+ static class Handler implements HttpHandler, AutoCloseable {
+
+ private final HttpServer httpServer;
+ private final String keystore;
+
+ @Override
+ public void handle(HttpExchange t) throws IOException {
+ int len = 0;
+ for (String h: t.getRequestHeaders().keySet()) {
+ if (h.equalsIgnoreCase("Content-length")) {
+ len = Integer.valueOf(t.getRequestHeaders().get(h).get(0));
+ }
+ }
+ byte[] input = new byte[len];
+ t.getRequestBody().read(input);
+
+ try {
+ String path = t.getRequestURI().getPath().substring(1);
+ byte[] output = sign(input, path);
+ Headers out = t.getResponseHeaders();
+ out.set("Content-Type", "application/timestamp-reply");
+
+ t.sendResponseHeaders(200, output.length);
+ OutputStream os = t.getResponseBody();
+ os.write(output);
+ } catch (Exception e) {
+ e.printStackTrace();
+ t.sendResponseHeaders(500, 0);
+ }
+ t.close();
+ }
+
+ /**
+ * @param input The data to sign
+ * @param path different cases to simulate, impl on URL path
+ * @returns the signed
+ */
+ byte[] sign(byte[] input, String path) throws Exception {
+
+ DerValue value = new DerValue(input);
+ System.err.println("\nIncoming Request\n===================");
+ System.err.println("Version: " + value.data.getInteger());
+ DerValue messageImprint = value.data.getDerValue();
+ AlgorithmId aid = AlgorithmId.parse(
+ messageImprint.data.getDerValue());
+ System.err.println("AlgorithmId: " + aid);
+
+ ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
+ BigInteger nonce = null;
+ while (value.data.available() > 0) {
+ DerValue v = value.data.getDerValue();
+ if (v.tag == DerValue.tag_Integer) {
+ nonce = v.getBigInteger();
+ System.err.println("nonce: " + nonce);
+ } else if (v.tag == DerValue.tag_Boolean) {
+ System.err.println("certReq: " + v.getBoolean());
+ } else if (v.tag == DerValue.tag_ObjectId) {
+ policyId = v.getOID();
+ System.err.println("PolicyID: " + policyId);
+ }
+ }
+
+ System.err.println("\nResponse\n===================");
+ KeyStore ks = KeyStore.getInstance(
+ new File(keystore), "changeit".toCharArray());
+
+ String alias = "ts";
+ if (path.startsWith("bad") || path.equals("weak")) {
+ alias = "ts" + path;
+ }
+
+ if (path.equals("diffpolicy")) {
+ policyId = new ObjectIdentifier(defaultPolicyId);
+ }
+
+ DerOutputStream statusInfo = new DerOutputStream();
+ statusInfo.putInteger(0);
+
+ AlgorithmId[] algorithms = {aid};
+ Certificate[] chain = ks.getCertificateChain(alias);
+ X509Certificate[] signerCertificateChain;
+ X509Certificate signer = (X509Certificate)chain[0];
+
+ if (path.equals("fullchain")) { // Only case 5 uses full chain
+ signerCertificateChain = new X509Certificate[chain.length];
+ for (int i=0; i<chain.length; i++) {
+ signerCertificateChain[i] = (X509Certificate)chain[i];
+ }
+ } else if (path.equals("nocert")) {
+ signerCertificateChain = new X509Certificate[0];
+ } else {
+ signerCertificateChain = new X509Certificate[1];
+ signerCertificateChain[0] = (X509Certificate)chain[0];
+ }
+
+ DerOutputStream tst = new DerOutputStream();
+
+ tst.putInteger(1);
+ tst.putOID(policyId);
+
+ if (!path.equals("baddigest") && !path.equals("diffalg")) {
+ tst.putDerValue(messageImprint);
+ } else {
+ byte[] data = messageImprint.toByteArray();
+ if (path.equals("diffalg")) {
+ data[6] = (byte)0x01;
+ } else {
+ data[data.length-1] = (byte)0x01;
+ data[data.length-2] = (byte)0x02;
+ data[data.length-3] = (byte)0x03;
+ }
+ tst.write(data);
+ }
+
+ tst.putInteger(1);
+
+ Calendar cal = Calendar.getInstance();
+ tst.putGeneralizedTime(cal.getTime());
+
+ if (path.equals("diffnonce")) {
+ tst.putInteger(1234);
+ } else if (path.equals("nononce")) {
+ // no noce
+ } else {
+ tst.putInteger(nonce);
+ }
+
+ DerOutputStream tstInfo = new DerOutputStream();
+ tstInfo.write(DerValue.tag_Sequence, tst);
+
+ DerOutputStream tstInfo2 = new DerOutputStream();
+ tstInfo2.putOctetString(tstInfo.toByteArray());
+
+ // Always use the same algorithm at timestamp signing
+ // so it is different from the hash algorithm.
+ Signature sig = Signature.getInstance("SHA1withRSA");
+ sig.initSign((PrivateKey)(ks.getKey(
+ alias, "changeit".toCharArray())));
+ sig.update(tstInfo.toByteArray());
+
+ ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier(
+ "1.2.840.113549.1.9.16.1.4"),
+ new DerValue(tstInfo2.toByteArray()));
+
+ System.err.println("Signing...");
+ System.err.println(new X500Name(signer
+ .getIssuerX500Principal().getName()));
+ System.err.println(signer.getSerialNumber());
+
+ SignerInfo signerInfo = new SignerInfo(
+ new X500Name(signer.getIssuerX500Principal().getName()),
+ signer.getSerialNumber(),
+ AlgorithmId.get("SHA-1"), AlgorithmId.get("RSA"), sig.sign());
+
+ SignerInfo[] signerInfos = {signerInfo};
+ PKCS7 p7 = new PKCS7(algorithms, contentInfo,
+ signerCertificateChain, signerInfos);
+ ByteArrayOutputStream p7out = new ByteArrayOutputStream();
+ p7.encodeSignedData(p7out);
+
+ DerOutputStream response = new DerOutputStream();
+ response.write(DerValue.tag_Sequence, statusInfo);
+ response.putDerValue(new DerValue(p7out.toByteArray()));
+
+ DerOutputStream out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, response);
+
+ return out.toByteArray();
+ }
+
+ private Handler(HttpServer httpServer, String keystore) {
+ this.httpServer = httpServer;
+ this.keystore = keystore;
+ }
+
+ /**
+ * Initialize TSA instance.
+ *
+ * Extended Key Info extension of certificate that is used for
+ * signing TSA responses should contain timeStamping value.
+ */
+ static Handler init(int port, String keystore) throws IOException {
+ HttpServer httpServer = HttpServer.create(
+ new InetSocketAddress(port), 0);
+ Handler tsa = new Handler(httpServer, keystore);
+ httpServer.createContext("/", tsa);
+ return tsa;
+ }
+
+ /**
+ * Start TSA service.
+ */
+ void start() {
+ httpServer.start();
+ }
+
+ /**
+ * Stop TSA service.
+ */
+ void stop() {
+ httpServer.stop(0);
+ }
+
+ /**
+ * Return server port number.
+ */
+ int getPort() {
+ return httpServer.getAddress().getPort();
+ }
+
+ @Override
+ public void close() throws Exception {
+ stop();
+ }
+ }
+
+ public static void main(String[] args) throws Throwable {
+
+ prepare();
+
+ try (Handler tsa = Handler.init(0, "tsks");) {
+ tsa.start();
+ int port = tsa.getPort();
+ host = "http://localhost:" + port + "/";
+
+ if (args.length == 0) { // Run this test
+ sign("none")
+ .shouldContain("is not timestamped")
+ .shouldHaveExitValue(0);
+
+ sign("badku")
+ .shouldHaveExitValue(0);
+ checkBadKU("badku.jar");
+
+ sign("normal")
+ .shouldNotContain("is not timestamped")
+ .shouldHaveExitValue(0);
+
+ sign("nononce")
+ .shouldHaveExitValue(1);
+ sign("diffnonce")
+ .shouldHaveExitValue(1);
+ sign("baddigest")
+ .shouldHaveExitValue(1);
+ sign("diffalg")
+ .shouldHaveExitValue(1);
+ sign("fullchain")
+ .shouldHaveExitValue(0); // Success, 6543440 solved.
+ sign("bad1")
+ .shouldHaveExitValue(1);
+ sign("bad2")
+ .shouldHaveExitValue(1);
+ sign("bad3")
+ .shouldHaveExitValue(1);
+ sign("nocert")
+ .shouldHaveExitValue(1);
+
+ sign("policy", "-tsapolicyid", "1.2.3")
+ .shouldHaveExitValue(0);
+ checkTimestamp("policy.jar", "1.2.3", "SHA-256");
+
+ sign("diffpolicy", "-tsapolicyid", "1.2.3")
+ .shouldHaveExitValue(1);
+
+ sign("tsaalg", "-tsadigestalg", "SHA")
+ .shouldHaveExitValue(0);
+ checkTimestamp("tsaalg.jar", defaultPolicyId, "SHA-1");
+
+ sign("weak", "-digestalg", "MD5",
+ "-sigalg", "MD5withRSA", "-tsadigestalg", "MD5")
+ .shouldHaveExitValue(0)
+ .shouldMatch("MD5.*-digestalg.*risk")
+ .shouldMatch("MD5.*-tsadigestalg.*risk")
+ .shouldMatch("MD5withRSA.*-sigalg.*risk");
+ checkWeak("weak.jar");
+
+ signWithAliasAndTsa("halfWeak", "old.jar", "old", "-digestalg", "MD5")
+ .shouldHaveExitValue(0);
+ checkHalfWeak("halfWeak.jar");
+
+ // sign with DSA key
+ signWithAliasAndTsa("sign1", "old.jar", "dsakey")
+ .shouldHaveExitValue(0);
+ // sign with RSAkeysize < 1024
+ signWithAliasAndTsa("sign2", "sign1.jar", "weakkeysize")
+ .shouldHaveExitValue(0);
+ checkMultiple("sign2.jar");
+
+ // When .SF or .RSA is missing or invalid
+ checkMissingOrInvalidFiles("normal.jar");
+ } else { // Run as a standalone server
+ System.err.println("Press Enter to quit server");
+ System.in.read();
+ }
+ }
+ }
+
+ private static void checkMissingOrInvalidFiles(String s)
+ throws Throwable {
+ JarUtils.updateJar(s, "1.jar", "-", "META-INF/OLD.SF");
+ verify("1.jar", "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldContain("Missing signature-related file META-INF/OLD.SF");
+ JarUtils.updateJar(s, "2.jar", "-", "META-INF/OLD.RSA");
+ verify("2.jar", "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldContain("Missing block file for signature-related file META-INF/OLD.SF");
+ JarUtils.updateJar(s, "3.jar", "META-INF/OLD.SF");
+ verify("3.jar", "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldContain("Unparsable signature-related file META-INF/OLD.SF");
+ JarUtils.updateJar(s, "4.jar", "META-INF/OLD.RSA");
+ verify("4.jar", "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldContain("Unparsable signature-related file META-INF/OLD.RSA");
+ }
+
+ static OutputAnalyzer jarsigner(List<String> extra)
+ throws Throwable {
+ JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jarsigner")
+ .addVMArg("-Duser.language=en")
+ .addVMArg("-Duser.country=US")
+ .addToolArg("-keystore")
+ .addToolArg("tsks")
+ .addToolArg("-storepass")
+ .addToolArg("changeit");
+ for (String s : extra) {
+ if (s.startsWith("-J")) {
+ launcher.addVMArg(s.substring(2));
+ } else {
+ launcher.addToolArg(s);
+ }
+ }
+ return ProcessTools.executeCommand(launcher.getCommand());
+ }
+
+ static OutputAnalyzer verify(String file, String... extra)
+ throws Throwable {
+ List<String> args = new ArrayList<>();
+ args.add("-verify");
+ args.add(file);
+ args.addAll(Arrays.asList(extra));
+ return jarsigner(args);
+ }
+
+ static void checkBadKU(String file) throws Throwable {
+ verify(file)
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldContain("re-run jarsigner with debug enabled");
+ verify(file, "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("Signed by")
+ .shouldContain("treated as unsigned")
+ .shouldContain("re-run jarsigner with debug enabled");
+ verify(file, "-J-Djava.security.debug=jar")
+ .shouldHaveExitValue(0)
+ .shouldContain("SignatureException: Key usage restricted")
+ .shouldContain("treated as unsigned")
+ .shouldContain("re-run jarsigner with debug enabled");
+ }
+
+ static void checkWeak(String file) throws Throwable {
+ verify(file)
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldMatch("weak algorithm that is now disabled.")
+ .shouldMatch("Re-run jarsigner with the -verbose option for more details");
+ verify(file, "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldMatch("weak algorithm that is now disabled by")
+ .shouldMatch("Digest algorithm: .*weak")
+ .shouldMatch("Signature algorithm: .*weak")
+ .shouldMatch("Timestamp digest algorithm: .*weak")
+ .shouldNotMatch("Timestamp signature algorithm: .*weak.*weak")
+ .shouldMatch("Timestamp signature algorithm: .*key.*weak");
+ verify(file, "-J-Djava.security.debug=jar")
+ .shouldHaveExitValue(0)
+ .shouldMatch("SignatureException:.*disabled");
+
+ // For 8171319: keytool should print out warnings when reading or
+ // generating cert/cert req using weak algorithms.
+ // Must call keytool the command, otherwise doPrintCert() might not
+ // be able to reset "jdk.certpath.disabledAlgorithms".
+ String sout = SecurityTools.keytool("-printcert -jarfile weak.jar")
+ .stderrShouldContain("The TSA certificate uses a 512-bit RSA key" +
+ " which is considered a security risk.")
+ .getStdout();
+ if (sout.indexOf("weak", sout.indexOf("Timestamp:")) < 0) {
+ throw new RuntimeException("timestamp not weak: " + sout);
+ }
+ }
+
+ static void checkHalfWeak(String file) throws Throwable {
+ verify(file)
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldMatch("weak algorithm that is now disabled.")
+ .shouldMatch("Re-run jarsigner with the -verbose option for more details");
+ verify(file, "-verbose")
+ .shouldHaveExitValue(0)
+ .shouldContain("treated as unsigned")
+ .shouldMatch("weak algorithm that is now disabled by")
+ .shouldMatch("Digest algorithm: .*weak")
+ .shouldNotMatch("Signature algorithm: .*weak")
+ .shouldNotMatch("Timestamp digest algorithm: .*weak")
+ .shouldNotMatch("Timestamp signature algorithm: .*weak.*weak")
+ .shouldNotMatch("Timestamp signature algorithm: .*key.*weak");
+ }
+
+ static void checkMultiple(String file) throws Throwable {
+ verify(file)
+ .shouldHaveExitValue(0)
+ .shouldContain("jar verified");
+ verify(file, "-verbose", "-certs")
+ .shouldHaveExitValue(0)
+ .shouldContain("jar verified")
+ .shouldMatch("X.509.*CN=dsakey")
+ .shouldNotMatch("X.509.*CN=weakkeysize")
+ .shouldMatch("Signed by .*CN=dsakey")
+ .shouldMatch("Signed by .*CN=weakkeysize")
+ .shouldMatch("Signature algorithm: .*key.*weak");
+ }
+
+ static void checkTimestamp(String file, String policyId, String digestAlg)
+ throws Exception {
+ try (JarFile jf = new JarFile(file)) {
+ JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
+ try (InputStream is = jf.getInputStream(je)) {
+ byte[] content = is.readAllBytes();
+ PKCS7 p7 = new PKCS7(content);
+ SignerInfo[] si = p7.getSignerInfos();
+ if (si == null || si.length == 0) {
+ throw new Exception("Not signed");
+ }
+ PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
+ .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
+ PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
+ TimestampToken tt =
+ new TimestampToken(tsToken.getContentInfo().getData());
+ if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
+ throw new Exception("Digest alg different");
+ }
+ if (!tt.getPolicyID().equals(policyId)) {
+ throw new Exception("policyId different");
+ }
+ }
+ }
+ }
+
+ static int which = 0;
+
+ /**
+ * @param extra more args given to jarsigner
+ */
+ static OutputAnalyzer sign(String path, String... extra)
+ throws Throwable {
+ String alias = path.equals("badku") ? "badku" : "old";
+ return signWithAliasAndTsa(path, "old.jar", alias, extra);
+ }
+
+ static OutputAnalyzer signWithAliasAndTsa (String path, String jar,
+ String alias, String...extra) throws Throwable {
+ which++;
+ System.err.println("\n>> Test #" + which + ": " + Arrays.toString(extra));
+ List<String> args = List.of("-J-Djava.security.egd=file:/dev/./urandom",
+ "-debug", "-signedjar", path + ".jar", jar, alias);
+ args = new ArrayList<>(args);
+ if (!path.equals("none") && !path.equals("badku")) {
+ args.add("-tsa");
+ args.add(host + path);
+ }
+ args.addAll(Arrays.asList(extra));
+ return jarsigner(args);
+ }
+
+ static void prepare() throws Exception {
+ JarUtils.createJar("old.jar", "A");
+ Files.deleteIfExists(Paths.get("tsks"));
+ keytool("-alias ca -genkeypair -ext bc -dname CN=CA");
+ keytool("-alias old -genkeypair -dname CN=old");
+ keytool("-alias dsakey -genkeypair -keyalg DSA -dname CN=dsakey");
+ keytool("-alias weakkeysize -genkeypair -keysize 512 -dname CN=weakkeysize");
+ keytool("-alias badku -genkeypair -dname CN=badku");
+ keytool("-alias ts -genkeypair -dname CN=ts");
+ keytool("-alias tsweak -genkeypair -keysize 512 -dname CN=tsbad1");
+ keytool("-alias tsbad1 -genkeypair -dname CN=tsbad1");
+ keytool("-alias tsbad2 -genkeypair -dname CN=tsbad2");
+ keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3");
+
+ gencert("old");
+ gencert("dsakey");
+ gencert("weakkeysize");
+ gencert("badku", "-ext ku:critical=keyAgreement");
+ gencert("ts", "-ext eku:critical=ts");
+ gencert("tsweak", "-ext eku:critical=ts");
+ gencert("tsbad1");
+ gencert("tsbad2", "-ext eku=ts");
+ gencert("tsbad3", "-ext eku:critical=cs");
+ }
+
+ static void gencert(String alias, String... extra) throws Exception {
+ keytool("-alias " + alias + " -certreq -file " + alias + ".req");
+ String genCmd = "-gencert -alias ca -infile " +
+ alias + ".req -outfile " + alias + ".cert";
+ for (String s : extra) {
+ genCmd += " " + s;
+ }
+ keytool(genCmd);
+ keytool("-alias " + alias + " -importcert -file " + alias + ".cert");
+ }
+
+ static void keytool(String cmd) throws Exception {
+ cmd = "-keystore tsks -storepass changeit -keypass changeit " +
+ "-keyalg rsa -validity 200 " + cmd;
+ sun.security.tools.keytool.Main.main(cmd.split(" "));
+ }
+}