Mercurial > hg > openjdk > jdk6 > jdk
changeset 1514:3f4458651202
8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
Reviewed-by: xuelei, mullan
author | weijun |
---|---|
date | Mon, 05 Dec 2016 04:10:41 +0000 |
parents | 5c366f064a45 |
children | 7ab5e1b09299 |
files | src/share/classes/com/sun/crypto/provider/OAEPParameters.java src/share/classes/sun/security/pkcs/SignerInfo.java src/share/classes/sun/security/util/SignatureFileVerifier.java src/share/classes/sun/security/x509/AlgorithmId.java test/sun/security/tools/jarsigner/TimestampAlg.java |
diffstat | 5 files changed, 194 insertions(+), 36 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/crypto/provider/OAEPParameters.java Mon Dec 05 03:32:17 2016 +0000 +++ b/src/share/classes/com/sun/crypto/provider/OAEPParameters.java Mon Dec 05 04:10:41 2016 +0000 @@ -105,20 +105,6 @@ } } - private static String convertToStandardName(String internalName) { - if (internalName.equals("SHA")) { - return "SHA-1"; - } else if (internalName.equals("SHA256")) { - return "SHA-256"; - } else if (internalName.equals("SHA384")) { - return "SHA-384"; - } else if (internalName.equals("SHA512")) { - return "SHA-512"; - } else { - return internalName; - } - } - protected void engineInit(byte[] encoded) throws IOException { DerInputStream der = new DerInputStream(encoded); @@ -130,7 +116,7 @@ DerValue data = datum[i]; if (data.isContextSpecific((byte) 0x00)) { // hash algid - mdName = convertToStandardName(AlgorithmId.parse + mdName = AlgorithmId.getStandardDigestName(AlgorithmId.parse (data.data.getDerValue()).getName()); } else if (data.isContextSpecific((byte) 0x01)) { // mgf algid @@ -139,7 +125,8 @@ throw new IOException("Only MGF1 mgf is supported"); } AlgorithmId params = AlgorithmId.parse(new DerValue(val.getEncodedParams())); - String mgfDigestName = convertToStandardName(params.getName()); + String mgfDigestName = AlgorithmId.getStandardDigestName( + params.getName()); if (mgfDigestName.equals("SHA-1")) { mgfSpec = MGF1ParameterSpec.SHA1; } else if (mgfDigestName.equals("SHA-224")) {
--- a/src/share/classes/sun/security/pkcs/SignerInfo.java Mon Dec 05 03:32:17 2016 +0000 +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java Mon Dec 05 04:10:41 2016 +0000 @@ -272,24 +272,6 @@ return certList; } - // Copied from com.sun.crypto.provider.OAEPParameters. - private static String convertToStandardName(String internalName) { - if (internalName.equals("SHA")) { - return "SHA-1"; - } else if (internalName.equals("SHA224")) { - return "SHA-224"; - } else if (internalName.equals("SHA256")) { - return "SHA-256"; - } else if (internalName.equals("SHA384")) { - return "SHA-384"; - } else if (internalName.equals("SHA512")) { - return "SHA-512"; - } else { - return internalName; - } - } - - /* Returns null if verify fails, this signerInfo if verify succeeds. */ SignerInfo verify(PKCS7 block, byte[] data) @@ -329,7 +311,7 @@ return null; MessageDigest md = MessageDigest.getInstance( - convertToStandardName(digestAlgname)); + AlgorithmId.getStandardDigestName(digestAlgname)); byte[] computedMessageDigest = md.digest(data); if (messageDigest.length != computedMessageDigest.length)
--- a/src/share/classes/sun/security/util/SignatureFileVerifier.java Mon Dec 05 03:32:17 2016 +0000 +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java Mon Dec 05 04:10:41 2016 +0000 @@ -41,6 +41,7 @@ import sun.misc.BASE64Decoder; import sun.security.jca.Providers; +import sun.security.x509.AlgorithmId; public class SignatureFileVerifier { @@ -612,7 +613,8 @@ throws NoSuchAlgorithmException, SignatureException { MessageDigest md = - MessageDigest.getInstance(token.getHashAlgorithm().getName()); + MessageDigest.getInstance(AlgorithmId.getStandardDigestName( + token.getHashAlgorithm().getName())); if (!Arrays.equals(token.getHashedMessage(), md.digest(signature))) { throw new SignatureException("Signature timestamp (#" +
--- a/src/share/classes/sun/security/x509/AlgorithmId.java Mon Dec 05 03:32:17 2016 +0000 +++ b/src/share/classes/sun/security/x509/AlgorithmId.java Mon Dec 05 04:10:41 2016 +0000 @@ -977,4 +977,21 @@ } return null; } + + // Copied from com.sun.crypto.provider.OAEPParameters.convertToStandardName() + public static String getStandardDigestName(String internalName) { + if (internalName.equals("SHA")) { + return "SHA-1"; + } else if (internalName.equals("SHA224")) { + return "SHA-224"; + } else if (internalName.equals("SHA256")) { + return "SHA-256"; + } else if (internalName.equals("SHA384")) { + return "SHA-384"; + } else if (internalName.equals("SHA512")) { + return "SHA-512"; + } else { + return internalName; + } + } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/tools/jarsigner/TimestampAlg.java Mon Dec 05 04:10:41 2016 +0000 @@ -0,0 +1,170 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8049480 + * @summary Current versions of Java can't verify jars signed and timestamped with Java 9 + */ + +import java.io.FileOutputStream; +import java.io.InputStream; +import java.util.jar.JarEntry; +import java.util.jar.JarFile; + +public class TimestampAlg { + + public static void main(String[] args) throws Exception { + // This is a very simple jar file signed by JDK 9 with a timestamp + // using the SHA-256 message digest algorithm. + String var = + "504b0304140008080800c28ee844000000000000000000000000140000004d45" + + "54412d494e462f4d414e49464553542e4d4615cd4d0b82301c80f1fb60df61c7" + + "42666a9928749846f4aa8924745cf9d716b6c59c48df3ebd3e87df73e152d4d0" + + "195a82ee849211716d07a344033750d1f83785d076e830b8be1fb80e15d28096" + + "bca535ef4c058fbe21b34cf3670b2451faab3437a333c708a3947f20220ca362" + + "cfa8e7afe95634e32b22af821df2d6786d5ff637cf3abfe3f05e4190a42779b5" + + "76470532cbd56a798105db4cd01f504b07082c3740c69c000000a6000000504b" + + "0304140008080800c28ee8440000000000000000000000000f0000004d455441" + + "2d494e462f4f4c442e534675cf416f823018c6f13b09dfa1c7ed50575014493c" + + "80bae8a6a091383db6f082955a595b86ecd34fb3db92dd9ed32fff67c74b494d" + + "a300ef41697e9501727ac4b6768b10bbde10cf7809dae03595bcf81d5ce2d018" + + "c5596340072872bdecd02554f17c70f16fc730cfb4a8c6b0ad934fdfb6d0e854" + + "fbb794ecd52eeecbe5e45f394071bd9ef30c34131f87a3e956c561efb0938e56" + + "b7573d5c6cd3599bbe2ddd28acfafe9d992aa006721c758fe2718fe0b6753c6f" + + "e410cca50125a9c005d52607d694e82951341380a657555f1535f7a3cfb6655b" + + "31bd4080c2bf55016a98a8f2512948f7e5968dfbbe495fcca6383bdfe753a467" + + "90ca41a297861544cd270fe807504b0708521a35550201000048010000504b03" + + "04140008080800c28ee844000000000000000000000000100000004d4554412d" + + "494e462f4f4c442e52534185947b38d37d1fc7fdb61923530eb39e688622a77e" + + "5b666ab9939c9544c831ee39d42c9511e576d8c8b9876745b5743b5414268718" + + "b969548e95d61c2224b47423a648393d73dd5d4fe5b9afe7f9f3f3b9deefeff5" + + "bd3e9ff7e7053210ba708476bc55fc6719400292c340a8800cc4460800e06441" + + "1938c23bde0af083c22080b81828fd5d08e430200f4006a41664003772a01000" + + "028145a66e3cba6af9a601a44516246e1d2805873ac1a0f2d093545f70b3920c" + + "ce00248246e04ec20e02e8262a09200e6ff0adfc2f3d0350fbf149d12fa00c40" + + "564cd497823000406cb4ef6571fdec06c95a370fde860e89425861e16e0b19a1" + + "4c6c4f52d6102dd3a6bf45e740d9a0bed342ee5e832885fa1a979dc7e6161253" + + "4c2cda0362e5ec02ae440e44e80c56bffc4ab4f349f3b1f6bddae8c2979fca4b" + + "5e7e46ac2fa529481dd8d750a26dcd7d74deb8dde7fc70c072465af0a1e359af" + + "4cf4b1aaa14fc4238cee096ca3133575d52179a7e7da8990f6ed5da71ca84c37" + + "2d3117c356b1ac2cdde3c8600ead44f8878b2f8f10831f4d5d590a28d95b316c" + + "cf456277a83533e12ea42a14c8fc05da6b2483b74ab7c4e70a2dd60f417d2f97" + + "3359bb233e3d6b5ab60202e7bd7b4fd7f228febd1f0403b0c62f4190b69264bf" + + "72426589ab516d00040a880137b0200654114d4d050943c11490e82d88b38ecd" + + "26a42c027cd749ffe67955e7d9357b81aece4e877d49ee62b8afeed7a755fa9e" + + "786d6edc5d7e5ae3603e5d6e39d0cbc74300c35eb354282842a183159763c67a" + + "35b0b1ac1929e7b8ad510da5aa454d5eb3034cf11d27f594326384873f7c8949" + + "1a7f4a3cfccb892faf873c621292bd597072cdcd732d1ee7490e611ec28c90f9" + + "81bbd71ef0e4b50c4e93869c9af8c9d3d154169bbf8dff7aa706ebac1f6d2589" + + "8078532a9867e31d7f576365bc0c6c132fb7719b58d88ebcf438715768aea361" + + "f7017f614acfaf465e6d794b84e317b2937d66a8f5cea13666d541cce02705a8" + + "cef2d6d2f69b96ac88fec9998228a7c1d96d09c315b29797ecda02250dc7383a" + + "6f2bf75b0f17d48c07afa48c640d3478dd3ad18963c0712003ae27ca3a885a9b" + + "bcef71fef1027e8e228c01885dede0446717674996f8f413f59a5c3f91a001c0" + + "b632f78891424ce58a58df39727a6cc492ea4c94d5f23f6ad1276561d6eb057f" + + "befab3e5baff5dec50224a891fb49c29ab6cd6cab3f7731d097fc3d65e949b33" + + "b7a578f0b379e47a98c0a91b5fb0ce685952a78afc5cfa0e373df4a035c15132" + + "bb62a6387ad8caaadab680b8a169805e49b69e5ad8409de9b7079b6def2af45a" + + "dada5e7cdee4b5359892d1803dfc765dd18849fd0bf44b64866ed654fc117ea6" + + "5e6b1922eff99b73f0c77257e994d307defc9a29cedd1ac7be68a626d6edf96e" + + "c692bdf22ee792369dd535a0dfa7d711396996f692895df223eaaa5f47414f45" + + "b2c3b39d65772575c5cf4a437319b00990011b834b7f1b0c623d048963c07a44" + + "4dfe4f60813d12b5b87f0b16ea0f6e0096e30973075d454238d411260ee2d6a8" + + "61aa68a6bb3119ab837aaa39abd612eab39f9da4665c977e0cff019201a19384" + + "d3222b5a160ffe07340620c10d220998e65d3431411e13916b4e44ae191143fa" + + "be91cb1605ff6d2db96470d220e2af3c40f6ed5d032ee2cfe022bafd240fa1fd" + + "5f6e3567dd9071543e381b57bdd80cb1575a376abcc947495167e61e6e32a1ae" + + "93d416c8bc197b6bda347e6bcc6553839ed0a78d7ac28d57f2f7f8cd857d14e4" + + "497caa1cd34e1829aa7574aa3984ad39934e765598bdf0356c31a8f5c4a316d6" + + "c6beedf3add584c5769a6901a7836d3b32e3a03c58c739a6969e0260a002f463" + + "2773e84174c7faa41086e0d5d0ceaefc4df5a443d4e8af8a462dd67181ce11be" + + "a6ef64ce907252a0d0e6f03ef467e6763c244c48574856017d294607d3f87d5b" + + "0eb9eba2c60dc6c70dddfb837914babf172574ef99a4bb1e361353de4d95c576" + + "c494e1e9bce62d4fd08ad5e731691d1895636525bb79d76b2f1ce07d1604aa95" + + "8d9dfc8b5b6ee01110b3ca2d75181a44c528300ede3c612715c04d7baf786a18" + + "87b5f95861180fa256055b006005b67aa0923a70405c5c022af903f0187b3458" + + "748cc0bdfeac15adcb7029a17883d0f5ef80573caa61574bb66747bc61aae3ca" + + "0c3fe8bcd223d54fd7f5a2270843f9559a99f76aff45d965ba91374fa05a706f" + + "479416999389d4e29eb74a1984a30face935fd2118a580a3cd5a6567c2e21e92" + + "bb358c54822aaa049a8f47712889ee4507ae4ffd150ba50f444f99701c49fa97" + + "72edc44e69cfcda9cffc9f75c49fdb6b28b9699a2567289979dfd42664626232" + + "75b682be2baf3856623e37bb47c15e3e8e084771e4f3e7b53265efbc48e616cd" + + "ed18c4a546de3f5bd793857c9c7a99615161b7cdcca53fa1d4c119a33bb150a4" + + "6e4996450724eed76ae3d2dbc02f147228353241beba27e585a3dd556b8e5c2e" + + "5f4a3328fd214663223ec27d4fb134873a85630026a204ee5e059ee29a807f3f" + + "82ffcd3b2437cc1bf95a6813dec5195b38cd227002c6f5f53dcd1212f7182038" + + "9877b7ddf1ff2c0c65993b9524d3b41eca82ded2b951471c871b741fddd9fdc7" + + "70a79bb91c3d91f3a9aa8f880ec22099418c65654a7e3a25c4d8925e98e1e390" + + "1437e8767c9debf521e5c93ad5026ab8e5ef9696983ba6d0335e17de6ba65747" + + "91a0fb6ecdf20bde55874082a7f19b4332ddbba24d4eb98a9b0e55e4294f37be" + + "edd62a3e3ebccf8ded49f3a029fa76becf3389a386d2d62faca4f85cbb643489" + + "2e2abfd66dbe727f4fe28d8f8d551e0f8f4c8eda346c66d1bc6fa7a68eabdfb7" + + "0d0a34e65910bba73413ad8680dfaa473753ae9e2fd032d8f6cc66d19c57e679" + + "7fcc33cce8df504b0708267c480f1b08000030090000504b0304140008080800" + + "b78ee844000000000000000000000000090004004d4554412d494e462ffeca00" + + "000300504b0708000000000200000000000000504b0304140008080800b78ee8" + + "440000000000000000000000000100000041f3cb2fc9c8cc4be70200504b0708" + + "3c0a34d30a00000008000000504b01021400140008080800c28ee8442c3740c6" + + "9c000000a60000001400000000000000000000000000000000004d4554412d49" + + "4e462f4d414e49464553542e4d46504b01021400140008080800c28ee844521a" + + "355502010000480100000f00000000000000000000000000de0000004d455441" + + "2d494e462f4f4c442e5346504b01021400140008080800c28ee844267c480f1b" + + "0800003009000010000000000000000000000000001d0200004d4554412d494e" + + "462f4f4c442e525341504b01021400140008080800b78ee84400000000020000" + + "00000000000900040000000000000000000000760a00004d4554412d494e462f" + + "feca0000504b01021400140008080800b78ee8443c0a34d30a00000008000000" + + "0100000000000000000000000000b30a000041504b0506000000000500050027" + + "010000ec0a00000000"; + byte[] data = new byte[var.length()/2]; + for (int i=0; i<data.length; i++) { + data[i] = Integer.valueOf(var.substring(2*i,2*i+2), 16).byteValue(); + } + FileOutputStream fos = null; + try { + fos = new FileOutputStream("x.jar"); + fos.write(data, 0, data.length); + } finally { + if (fos != null) { fos.close(); } + } + + JarFile jf = null; + try { + jf = new JarFile("x.jar"); + JarEntry je = jf.getJarEntry("A"); + InputStream is = null; + + try { + is = jf.getInputStream(je); + is.read(new byte[10]); + } finally { + if (is != null) { is.close(); } + } + if (je.getCertificates().length != 1) { + throw new Exception(); + } + } finally { + if (jf != null) { jf.close(); } + } + } +}