-
Bug
-
Resolution: Fixed
-
P4
-
None
-
None
-
b22
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8317485 | 8u351 | Nibedita Jena | P4 | Resolved | Delivered |
jarsigner uses "jdk.jar.disabledAlgorithms" to suggest if a certificate is using weak algorithms but in fact it should be using "jdk.certpath.disabledAlgorithms" in this case.
For example:
1. Suppose you create a signer certificate that's using MD5withRSA as its signature algorithm. Note: this must not be a self-signed cert because jarsigner does not check the signature algorithm of such a cert.
2. Sign a JAR file with this certificate using default algorithms.
Now, remove the MD5 algorithm from "jdk.jar.disabledAlgorithms" and keep it in "jdk.certpath.disabledAlgorithms", run `jarsigner -verify -verbose -certs` on the newly signed JAR file, and it shows:
```
>>> Signer
X.509, CN=ee (ee)
Signature algorithm: MD5withRSA, 2048-bit key
[certificate is valid from 4/28/21, 11:58 AM to 1/23/24, 10:58 AM]
X.509, CN=ca (ca)
Signature algorithm: SHA256withRSA, 2048-bit key
[trusted certificate]
[Invalid certificate chain: Algorithm constraints check failed on signature algorithm: MD5withRSA]
```
The last line comes from CertPath validation check on the cert chain and it correctly detected the weak algorithm (in "jdk.certpath.disabledAlgorithms"), but you can see there is no "disabled" label on the "Signature algorithm" line. This is incorrect and we should make the output consistent.
In fact, reverse the setting to remove MD5 from "jdk.certpath.disabledAlgorithms" but keep it in "jdk.jar.disabledAlgorithms" shows the opposite output which is still inconsistent: There is no CertPath validation error but there's a "disabled" label there.
For example:
1. Suppose you create a signer certificate that's using MD5withRSA as its signature algorithm. Note: this must not be a self-signed cert because jarsigner does not check the signature algorithm of such a cert.
2. Sign a JAR file with this certificate using default algorithms.
Now, remove the MD5 algorithm from "jdk.jar.disabledAlgorithms" and keep it in "jdk.certpath.disabledAlgorithms", run `jarsigner -verify -verbose -certs` on the newly signed JAR file, and it shows:
```
>>> Signer
X.509, CN=ee (ee)
Signature algorithm: MD5withRSA, 2048-bit key
[certificate is valid from 4/28/21, 11:58 AM to 1/23/24, 10:58 AM]
X.509, CN=ca (ca)
Signature algorithm: SHA256withRSA, 2048-bit key
[trusted certificate]
[Invalid certificate chain: Algorithm constraints check failed on signature algorithm: MD5withRSA]
```
The last line comes from CertPath validation check on the cert chain and it correctly detected the weak algorithm (in "jdk.certpath.disabledAlgorithms"), but you can see there is no "disabled" label on the "Signature algorithm" line. This is incorrect and we should make the output consistent.
In fact, reverse the setting to remove MD5 from "jdk.certpath.disabledAlgorithms" but keep it in "jdk.jar.disabledAlgorithms" shows the opposite output which is still inconsistent: There is no CertPath validation error but there's a "disabled" label there.
- backported by
-
JDK-8317485 jarsigner is using incorrect security property to show weakness of certs
- Resolved