1 /*
2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import com.sun.net.httpserver.*;
25 import java.io.BufferedReader;
26 import java.io.ByteArrayOutputStream;
27 import java.io.FileInputStream;
28 import java.io.IOException;
29 import java.io.InputStream;
30 import java.io.InputStreamReader;
31 import java.io.OutputStream;
32 import java.math.BigInteger;
33 import java.net.InetSocketAddress;
34 import java.security.KeyStore;
35 import java.security.PrivateKey;
36 import java.security.Signature;
37 import java.security.cert.Certificate;
38 import java.security.cert.X509Certificate;
39 import java.util.Calendar;
40 import java.util.jar.JarEntry;
41 import java.util.jar.JarFile;
42
43 import sun.misc.IOUtils;
44 import sun.security.pkcs.ContentInfo;
45 import sun.security.pkcs.PKCS7;
46 import sun.security.pkcs.PKCS9Attribute;
47 import sun.security.pkcs.SignerInfo;
48 import sun.security.timestamp.TimestampToken;
49 import sun.security.util.DerOutputStream;
50 import sun.security.util.DerValue;
51 import sun.security.util.ObjectIdentifier;
52 import sun.security.x509.AlgorithmId;
53 import sun.security.x509.X500Name;
54
55 public class TimestampCheck {
56 static final String TSKS = "tsks";
57 static final String JAR = "old.jar";
58
59 static final String defaultPolicyId = "2.3.4.5";
60
61 static class Handler implements HttpHandler {
62 public void handle(HttpExchange t) throws IOException {
63 int len = 0;
64 for (String h: t.getRequestHeaders().keySet()) {
65 if (h.equalsIgnoreCase("Content-length")) {
66 len = Integer.valueOf(t.getRequestHeaders().get(h).get(0));
67 }
68 }
69 byte[] input = new byte[len];
70 t.getRequestBody().read(input);
71
72 try {
73 int path = 0;
74 if (t.getRequestURI().getPath().length() > 1) {
75 path = Integer.parseInt(
76 t.getRequestURI().getPath().substring(1));
77 }
78 byte[] output = sign(input, path);
79 Headers out = t.getResponseHeaders();
80 out.set("Content-Type", "application/timestamp-reply");
81
82 t.sendResponseHeaders(200, output.length);
83 OutputStream os = t.getResponseBody();
84 os.write(output);
85 } catch (Exception e) {
86 e.printStackTrace();
87 t.sendResponseHeaders(500, 0);
88 }
89 t.close();
90 }
91
92 /**
93 * @param input The data to sign
94 * @param path different cases to simulate, impl on URL path
95 * 0: normal
96 * 1: Missing nonce
97 * 2: Different nonce
98 * 3: Bad digets octets in messageImprint
99 * 4: Different algorithmId in messageImprint
100 * 5: whole chain in cert set
101 * 6: extension is missing
102 * 7: extension is non-critical
103 * 8: extension does not have timestamping
104 * 9: no cert in response
105 * 10: normal
106 * 11: always return default policy id
107 * 12: normal
108 * otherwise: normal
109 * @returns the signed
110 */
111 byte[] sign(byte[] input, int path) throws Exception {
112 // Read TSRequest
113 DerValue value = new DerValue(input);
114 System.err.println("\nIncoming Request\n===================");
115 System.err.println("Version: " + value.data.getInteger());
116 DerValue messageImprint = value.data.getDerValue();
117 AlgorithmId aid = AlgorithmId.parse(
118 messageImprint.data.getDerValue());
119 System.err.println("AlgorithmId: " + aid);
120
121 ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
122 BigInteger nonce = null;
123 while (value.data.available() > 0) {
124 DerValue v = value.data.getDerValue();
125 if (v.tag == DerValue.tag_Integer) {
126 nonce = v.getBigInteger();
127 System.err.println("nonce: " + nonce);
128 } else if (v.tag == DerValue.tag_Boolean) {
129 System.err.println("certReq: " + v.getBoolean());
130 } else if (v.tag == DerValue.tag_ObjectId) {
131 policyId = v.getOID();
132 System.err.println("PolicyID: " + policyId);
133 }
134 }
135
136 // Write TSResponse
137 System.err.println("\nResponse\n===================");
138 KeyStore ks = KeyStore.getInstance("JKS");
139 ks.load(new FileInputStream(TSKS), "changeit".toCharArray());
140
141 String alias = "ts";
142 if (path == 6) alias = "tsbad1";
143 if (path == 7) alias = "tsbad2";
144 if (path == 8) alias = "tsbad3";
145
146 if (path == 11) {
147 policyId = new ObjectIdentifier(defaultPolicyId);
148 }
149
150 DerOutputStream statusInfo = new DerOutputStream();
151 statusInfo.putInteger(0);
152
153 DerOutputStream token = new DerOutputStream();
154 AlgorithmId[] algorithms = {aid};
155 Certificate[] chain = ks.getCertificateChain(alias);
156 X509Certificate[] signerCertificateChain = null;
157 X509Certificate signer = (X509Certificate)chain[0];
158 if (path == 5) { // Only case 5 uses full chain
159 signerCertificateChain = new X509Certificate[chain.length];
160 for (int i=0; i<chain.length; i++) {
161 signerCertificateChain[i] = (X509Certificate)chain[i];
162 }
163 } else if (path == 9) {
164 signerCertificateChain = new X509Certificate[0];
165 } else {
166 signerCertificateChain = new X509Certificate[1];
167 signerCertificateChain[0] = (X509Certificate)chain[0];
168 }
169
170 DerOutputStream tst = new DerOutputStream();
171
172 tst.putInteger(1);
173 tst.putOID(policyId);
174
175 if (path != 3 && path != 4) {
176 tst.putDerValue(messageImprint);
177 } else {
178 byte[] data = messageImprint.toByteArray();
179 if (path == 4) {
180 data[6] = (byte)0x01;
181 } else {
182 data[data.length-1] = (byte)0x01;
183 data[data.length-2] = (byte)0x02;
184 data[data.length-3] = (byte)0x03;
185 }
186 tst.write(data);
187 }
188
189 tst.putInteger(1);
190
191 Calendar cal = Calendar.getInstance();
192 tst.putGeneralizedTime(cal.getTime());
193
194 if (path == 2) {
195 tst.putInteger(1234);
196 } else if (path == 1) {
197 // do nothing
198 } else {
199 tst.putInteger(nonce);
200 }
201
202 DerOutputStream tstInfo = new DerOutputStream();
203 tstInfo.write(DerValue.tag_Sequence, tst);
204
205 DerOutputStream tstInfo2 = new DerOutputStream();
206 tstInfo2.putOctetString(tstInfo.toByteArray());
207
208 Signature sig = Signature.getInstance("SHA1withRSA");
209 sig.initSign((PrivateKey)(ks.getKey(
210 alias, "changeit".toCharArray())));
211 sig.update(tstInfo.toByteArray());
212
213 ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier(
214 "1.2.840.113549.1.9.16.1.4"),
215 new DerValue(tstInfo2.toByteArray()));
216
217 System.err.println("Signing...");
218 System.err.println(new X500Name(signer
219 .getIssuerX500Principal().getName()));
220 System.err.println(signer.getSerialNumber());
221
222 SignerInfo signerInfo = new SignerInfo(
223 new X500Name(signer.getIssuerX500Principal().getName()),
224 signer.getSerialNumber(),
225 aid, AlgorithmId.get("RSA"), sig.sign());
226
227 SignerInfo[] signerInfos = {signerInfo};
228 PKCS7 p7 =
229 new PKCS7(algorithms, contentInfo, signerCertificateChain,
230 signerInfos);
231 ByteArrayOutputStream p7out = new ByteArrayOutputStream();
232 p7.encodeSignedData(p7out);
233
234 DerOutputStream response = new DerOutputStream();
235 response.write(DerValue.tag_Sequence, statusInfo);
236 response.putDerValue(new DerValue(p7out.toByteArray()));
237
238 DerOutputStream out = new DerOutputStream();
239 out.write(DerValue.tag_Sequence, response);
240
241 return out.toByteArray();
242 }
243 }
244
245 public static void main(String[] args) throws Exception {
246
247 Handler h = new Handler();
248 HttpServer server = HttpServer.create(new InetSocketAddress(0), 0);
249 int port = server.getAddress().getPort();
250 HttpContext ctx = server.createContext("/", h);
251 server.start();
252
253 String cmd = null;
254 // Use -J-Djava.security.egd=file:/dev/./urandom to speed up
255 // nonce generation in timestamping request. Not avaibale on
256 // Windows and defaults to thread seed generator, not too bad.
257 if (System.getProperty("java.home").endsWith("jre")) {
258 cmd = System.getProperty("java.home") + "/../bin/jarsigner";
259 } else {
260 cmd = System.getProperty("java.home") + "/bin/jarsigner";
261 }
262
263 cmd += " " + System.getProperty("test.tool.vm.opts") +
264 " -J-Djava.security.egd=file:/dev/./urandom" +
265 " -debug -keystore " + TSKS + " -storepass changeit" +
266 " -tsa http://localhost:" + port + "/%d" +
267 " -signedjar new_%d.jar " + JAR + " old";
268
269 try {
270 if (args.length == 0) { // Run this test
271 jarsigner(cmd, 0, true); // Success, normal call
272 jarsigner(cmd, 1, false); // These 4 should fail
273 jarsigner(cmd, 2, false);
274 jarsigner(cmd, 3, false);
275 jarsigner(cmd, 4, false);
276 jarsigner(cmd, 5, true); // Success, 6543440 solved.
277 jarsigner(cmd, 6, false); // tsbad1
278 jarsigner(cmd, 7, false); // tsbad2
279 jarsigner(cmd, 8, false); // tsbad3
280 jarsigner(cmd, 9, false); // no cert in timestamp
281 jarsigner(cmd + " -tsapolicyid 1.2.3.4", 10, true);
282 checkTimestamp("new_10.jar", "1.2.3.4", "SHA-256");
283 jarsigner(cmd + " -tsapolicyid 1.2.3.5", 11, false);
284 jarsigner(cmd + " -tsadigestalg SHA", 12, true);
285 checkTimestamp("new_12.jar", defaultPolicyId, "SHA-1");
286 } else { // Run as a standalone server
287 System.err.println("Press Enter to quit server");
288 System.in.read();
289 }
290 } finally {
291 server.stop(0);
292 }
293 }
294
295 static void checkTimestamp(String file, String policyId, String digestAlg)
296 throws Exception {
297 try (JarFile jf = new JarFile(file)) {
298 JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
299 try (InputStream is = jf.getInputStream(je)) {
300 byte[] content = IOUtils.readFully(is, -1, true);
301 PKCS7 p7 = new PKCS7(content);
302 SignerInfo[] si = p7.getSignerInfos();
303 if (si == null || si.length == 0) {
304 throw new Exception("Not signed");
305 }
306 PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
307 .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
308 PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
309 TimestampToken tt =
310 new TimestampToken(tsToken.getContentInfo().getData());
311 if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
312 throw new Exception("Digest alg different");
313 }
314 if (!tt.getPolicyID().equals(policyId)) {
315 throw new Exception("policyId different");
316 }
317 }
318 }
319 }
320
321 /**
322 * @param cmd the command line (with a hole to plug in)
323 * @param path the path in the URL, i.e, http://localhost/path
324 * @param expected if this command should succeed
325 */
326 static void jarsigner(String cmd, int path, boolean expected)
327 throws Exception {
328 System.err.println("Test " + path);
329 Process p = Runtime.getRuntime().exec(String.format(cmd, path, path));
330 BufferedReader reader = new BufferedReader(
331 new InputStreamReader(p.getErrorStream()));
332 while (true) {
333 String s = reader.readLine();
334 if (s == null) break;
335 System.err.println(s);
336 }
337
338 // Will not see noTimestamp warning
339 boolean seeWarning = false;
340 reader = new BufferedReader(
341 new InputStreamReader(p.getInputStream()));
342 while (true) {
343 String s = reader.readLine();
344 if (s == null) break;
345 System.err.println(s);
346 if (s.indexOf("Warning:") >= 0) {
347 seeWarning = true;
348 }
349 }
350 int result = p.waitFor();
351 if (expected && result != 0 || !expected && result == 0) {
352 throw new Exception("Failed");
353 }
354 if (seeWarning) {
355 throw new Exception("See warning");
356 }
357 }
358 }