RFR: 8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints

Sean Mullan mullan at openjdk.java.net
Fri Jan 14 16:34:27 UTC 2022


On Wed, 12 Jan 2022 02:15:45 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

> `keytool` currently uses a simpler scheme in `DisabledAlgorithmConstraints` class when performing algorithm constraints checks. This change is to enhance `keytool` to make use of the new methods `DisabledAlgorithmConstraints.permits` with `CertPathConstraintsParameters` and `checkKey` parameters. For the keyusage in the EE certificate of a certificate chain, set the variant accordingly when calling `CertPathConstraintsParameters` constructor.

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2198:

> 2196:                         ("Certificate.chain.length.") + chain.length);
> 2197: 
> 2198:                     X509Certificate[] xcerts = convertCerts(chain);

I think you can just cast to an `X509Certificate[]` instead of reparsing all the certificates, i.e.:

`X509Certificate[] xcerts = (X509Certificate[]) chain;`

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 2259:

> 2257:             }
> 2258:             cpcp = new CertPathConstraintsParameters((X509Certificate)cert,
> 2259:                     null,null, null);

Nit - add space between `null,null`.

src/java.base/share/classes/sun/security/tools/keytool/Main.java line 5048:

> 5046:     }
> 5047: 
> 5048:     private TrustAnchor findTrustAnchor(List<X509Certificate> chain) {

I would consider having an initial check that returns `null` if `chain.isEmpty()`. Not sure if that is a valid scenario, but it would avoid an `IndexOOBException` just in case.

src/java.base/share/classes/sun/security/tools/keytool/Resources.java line 486:

> 484:         {"verified.by.s.in.s.weak", "Verified by %1$s in %2$s with a %3$s"},
> 485:         {"whose.sigalg.disabled", "%1$s uses the %2$s signature algorithm which is considered a security risk and is disabled."},
> 486:         {"whose.sigalg.usagesignedjar", "%1$s uses the %2$s signature algorithm which is considered a security risk and cannot be used to sign JARs after 2019-01-01."},

Instead of hard-coding "2019-01-01", we should extract this date from the `denyAfter` attribute of the `jdk.certpath.disabledAlgorithms` security property and pass it in as a parameter.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7039
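
The last comment above, as an added Java example that is not part of the message or of the PR: one way to read the `denyAfter` date for a given usage out of `jdk.certpath.disabledAlgorithms` so it can be passed to the message as a parameter. The class and method names, the `%3$s` message variant and the fallback sample string are assumptions made for illustration.

```java
import java.security.Security;
import java.time.LocalDate;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

public class DenyAfterLookup {

    // Constructed sample in the property's syntax, used only if the
    // running JDK does not define jdk.certpath.disabledAlgorithms.
    static final String SAMPLE = "MD2, MD5, RSA keySize < 1024, "
            + "SHA1 usage SignedJAR & denyAfter 2019-01-01";

    /** denyAfter date of the entry for `algorithm` restricted to `usage`, if any. */
    static Optional<LocalDate> denyAfter(String property, String algorithm, String usage) {
        for (String entry : property.split(",")) {
            // "SHA1 usage SignedJAR & denyAfter 2019-01-01" -> name + constraints
            String[] nameAndRest = entry.trim().split("\\s+", 2);
            if (nameAndRest.length < 2 || !nameAndRest[0].equalsIgnoreCase(algorithm)) {
                continue; // different algorithm, or disabled without constraints
            }
            boolean usageMatches = false;
            LocalDate date = null;
            for (String constraint : nameAndRest[1].split("&")) {
                List<String> words = Arrays.asList(constraint.trim().split("\\s+"));
                if (words.get(0).equals("usage")) {
                    // a usage constraint may list several usages
                    usageMatches = words.subList(1, words.size()).stream()
                            .anyMatch(usage::equalsIgnoreCase);
                } else if (words.get(0).equals("denyAfter") && words.size() == 2) {
                    date = LocalDate.parse(words.get(1)); // YYYY-MM-DD
                }
            }
            if (usageMatches && date != null) {
                return Optional.of(date);
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        String prop = Security.getProperty("jdk.certpath.disabledAlgorithms");
        Optional<LocalDate> date = denyAfter(prop != null ? prop : SAMPLE, "SHA1", "SignedJAR");
        // Hypothetical parameterised form of the "whose.sigalg.usagesignedjar" text.
        String msg = "%1$s uses the %2$s signature algorithm which is considered a "
                + "security risk and cannot be used to sign JARs after %3$s.%n";
        date.ifPresent(d -> System.out.printf(msg, "The certificate", "SHA1withRSA", d));
    }
}
```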
