33 import java.security.KeyStore;
34 import java.security.KeyStoreException;
35 import java.security.MessageDigest;
36 import java.security.Key;
37 import java.security.PublicKey;
38 import java.security.PrivateKey;
39 import java.security.Security;
40 import java.security.Signature;
41 import java.security.Timestamp;
42 import java.security.UnrecoverableEntryException;
43 import java.security.UnrecoverableKeyException;
44 import java.security.NoSuchAlgorithmException;
45 import java.security.Principal;
46 import java.security.Provider;
47 import java.security.cert.Certificate;
48 import java.security.cert.CertificateFactory;
49 import java.security.cert.CertStoreException;
50 import java.security.cert.CRL;
51 import java.security.cert.X509Certificate;
52 import java.security.cert.CertificateException;
53 import java.security.spec.AlgorithmParameterSpec;
54 import java.text.Collator;
55 import java.text.MessageFormat;
56 import java.util.*;
57 import java.util.jar.JarEntry;
58 import java.util.jar.JarFile;
59 import java.lang.reflect.Constructor;
60 import java.math.BigInteger;
61 import java.net.URI;
62 import java.net.URL;
63 import java.net.URLClassLoader;
64 import java.security.cert.CertStore;
65
66 import java.security.cert.X509CRL;
67 import java.security.cert.X509CRLEntry;
68 import java.security.cert.X509CRLSelector;
69 import javax.security.auth.x500.X500Principal;
70 import java.util.Base64;
71
72 import sun.security.util.DisabledAlgorithmConstraints;
73 import sun.security.util.KeyUtil;
74 import sun.security.util.ObjectIdentifier;
75 import sun.security.pkcs10.PKCS10;
76 import sun.security.pkcs10.PKCS10Attribute;
77 import sun.security.provider.X509Factory;
78 import sun.security.provider.certpath.CertStoreHelper;
79 import sun.security.util.Password;
80 import sun.security.util.SecurityProviderConstants;
81 import sun.security.util.SignatureUtil;
82 import javax.crypto.KeyGenerator;
83 import javax.crypto.SecretKey;
84 import javax.crypto.SecretKeyFactory;
85 import javax.crypto.spec.PBEKeySpec;
86
87 import sun.security.pkcs.PKCS9Attribute;
88 import sun.security.tools.KeyStoreUtil;
89 import sun.security.tools.PathList;
90 import sun.security.util.DerValue;
91 import sun.security.util.Pem;
92 import sun.security.x509.*;
93
3072 keyPass = otherKeyPass;
3073 }
3074 count++;
3075 } while ((keyPass == null) && count < 3);
3076
3077 if (keyPass == null) {
3078 throw new Exception(rb.getString("Too.many.failures.try.later"));
3079 }
3080
3081 return keyPass;
3082 }
3083
3084 private String withWeak(String alg) {
3085 if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
3086 return alg;
3087 } else {
3088 return String.format(rb.getString("with.weak"), alg);
3089 }
3090 }
3091
3092 private String withWeak(PublicKey key) {
3093 if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
3094 return String.format(rb.getString("key.bit"),
3095 KeyUtil.getKeySize(key), key.getAlgorithm());
3096 } else {
3097 return String.format(rb.getString("key.bit.weak"),
3098 KeyUtil.getKeySize(key), key.getAlgorithm());
3099 }
3100 }
3101
3102 /**
3103 * Prints a certificate in a human readable format.
3104 */
3105 private void printX509Cert(X509Certificate cert, PrintStream out)
3106 throws Exception
3107 {
3108 /*
3109 out.println("Owner: "
3110 + cert.getSubjectDN().toString()
3111 + "\n"
4362 if (caks != null && caks.getCertificateAlias(cert) != null) {
4363 return true;
4364 } else {
4365 String inKS = keyStore.getCertificateAlias(cert);
4366 return inKS != null && keyStore.isCertificateEntry(inKS);
4367 }
4368 }
4369
4370 private void checkWeak(String label, String sigAlg, Key key) {
4371
4372 if (sigAlg != null && !DISABLED_CHECK.permits(
4373 SIG_PRIMITIVE_SET, sigAlg, null)) {
4374 weakWarnings.add(String.format(
4375 rb.getString("whose.sigalg.risk"), label, sigAlg));
4376 }
4377 if (key != null && !DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
4378 weakWarnings.add(String.format(
4379 rb.getString("whose.key.risk"),
4380 label,
4381 String.format(rb.getString("key.bit"),
4382 KeyUtil.getKeySize(key), key.getAlgorithm())));
4383 }
4384 }
4385
4386 private void checkWeak(String label, Certificate[] certs)
4387 throws KeyStoreException {
4388 for (int i = 0; i < certs.length; i++) {
4389 Certificate cert = certs[i];
4390 if (cert instanceof X509Certificate) {
4391 X509Certificate xc = (X509Certificate)cert;
4392 String fullLabel = label;
4393 if (certs.length > 1) {
4394 fullLabel = oneInMany(label, i, certs.length);
4395 }
4396 checkWeak(fullLabel, xc);
4397 }
4398 }
4399 }
4400
4401 private void checkWeak(String label, Certificate cert)
4402 throws KeyStoreException {
|
33 import java.security.KeyStore;
34 import java.security.KeyStoreException;
35 import java.security.MessageDigest;
36 import java.security.Key;
37 import java.security.PublicKey;
38 import java.security.PrivateKey;
39 import java.security.Security;
40 import java.security.Signature;
41 import java.security.Timestamp;
42 import java.security.UnrecoverableEntryException;
43 import java.security.UnrecoverableKeyException;
44 import java.security.NoSuchAlgorithmException;
45 import java.security.Principal;
46 import java.security.Provider;
47 import java.security.cert.Certificate;
48 import java.security.cert.CertificateFactory;
49 import java.security.cert.CertStoreException;
50 import java.security.cert.CRL;
51 import java.security.cert.X509Certificate;
52 import java.security.cert.CertificateException;
53 import java.security.interfaces.ECKey;
54 import java.security.spec.AlgorithmParameterSpec;
55 import java.security.spec.ECParameterSpec;
56 import java.text.Collator;
57 import java.text.MessageFormat;
58 import java.util.*;
59 import java.util.jar.JarEntry;
60 import java.util.jar.JarFile;
61 import java.lang.reflect.Constructor;
62 import java.math.BigInteger;
63 import java.net.URI;
64 import java.net.URL;
65 import java.net.URLClassLoader;
66 import java.security.cert.CertStore;
67
68 import java.security.cert.X509CRL;
69 import java.security.cert.X509CRLEntry;
70 import java.security.cert.X509CRLSelector;
71 import javax.security.auth.x500.X500Principal;
72 import java.util.Base64;
73
74 import sun.security.util.DisabledAlgorithmConstraints;
75 import sun.security.util.KeyUtil;
76 import sun.security.util.NamedCurve;
77 import sun.security.util.ObjectIdentifier;
78 import sun.security.pkcs10.PKCS10;
79 import sun.security.pkcs10.PKCS10Attribute;
80 import sun.security.provider.X509Factory;
81 import sun.security.provider.certpath.CertStoreHelper;
82 import sun.security.util.Password;
83 import sun.security.util.SecurityProviderConstants;
84 import sun.security.util.SignatureUtil;
85 import javax.crypto.KeyGenerator;
86 import javax.crypto.SecretKey;
87 import javax.crypto.SecretKeyFactory;
88 import javax.crypto.spec.PBEKeySpec;
89
90 import sun.security.pkcs.PKCS9Attribute;
91 import sun.security.tools.KeyStoreUtil;
92 import sun.security.tools.PathList;
93 import sun.security.util.DerValue;
94 import sun.security.util.Pem;
95 import sun.security.x509.*;
96
3075 keyPass = otherKeyPass;
3076 }
3077 count++;
3078 } while ((keyPass == null) && count < 3);
3079
3080 if (keyPass == null) {
3081 throw new Exception(rb.getString("Too.many.failures.try.later"));
3082 }
3083
3084 return keyPass;
3085 }
3086
3087 private String withWeak(String alg) {
3088 if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, alg, null)) {
3089 return alg;
3090 } else {
3091 return String.format(rb.getString("with.weak"), alg);
3092 }
3093 }
3094
3095 private String fullDisplayAlgName(Key key) {
3096 String result = key.getAlgorithm();
3097 if (key instanceof ECKey) {
3098 ECParameterSpec paramSpec = ((ECKey) key).getParams();
3099 if (paramSpec instanceof NamedCurve) {
3100 result += " (" + paramSpec.toString().split(" ")[0] + ")";
3101 }
3102 }
3103 return result;
3104 }
3105
3106 private String withWeak(PublicKey key) {
3107 if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
3108 return String.format(rb.getString("key.bit"),
3109 KeyUtil.getKeySize(key), key.getAlgorithm());
3110 } else {
3111 return String.format(rb.getString("key.bit.weak"),
3112 KeyUtil.getKeySize(key), key.getAlgorithm());
3113 }
3114 }
3115
3116 /**
3117 * Prints a certificate in a human readable format.
3118 */
3119 private void printX509Cert(X509Certificate cert, PrintStream out)
3120 throws Exception
3121 {
3122 /*
3123 out.println("Owner: "
3124 + cert.getSubjectDN().toString()
3125 + "\n"
4376 if (caks != null && caks.getCertificateAlias(cert) != null) {
4377 return true;
4378 } else {
4379 String inKS = keyStore.getCertificateAlias(cert);
4380 return inKS != null && keyStore.isCertificateEntry(inKS);
4381 }
4382 }
4383
4384 private void checkWeak(String label, String sigAlg, Key key) {
4385
4386 if (sigAlg != null && !DISABLED_CHECK.permits(
4387 SIG_PRIMITIVE_SET, sigAlg, null)) {
4388 weakWarnings.add(String.format(
4389 rb.getString("whose.sigalg.risk"), label, sigAlg));
4390 }
4391 if (key != null && !DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
4392 weakWarnings.add(String.format(
4393 rb.getString("whose.key.risk"),
4394 label,
4395 String.format(rb.getString("key.bit"),
4396 KeyUtil.getKeySize(key), fullDisplayAlgName(key))));
4397 }
4398 }
4399
4400 private void checkWeak(String label, Certificate[] certs)
4401 throws KeyStoreException {
4402 for (int i = 0; i < certs.length; i++) {
4403 Certificate cert = certs[i];
4404 if (cert instanceof X509Certificate) {
4405 X509Certificate xc = (X509Certificate)cert;
4406 String fullLabel = label;
4407 if (certs.length > 1) {
4408 fullLabel = oneInMany(label, i, certs.length);
4409 }
4410 checkWeak(fullLabel, xc);
4411 }
4412 }
4413 }
4414
4415 private void checkWeak(String label, Certificate cert)
4416 throws KeyStoreException {
|