TimestampCheck.java revision 14887:e9e4a2588d25
1/* 2 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24import com.sun.net.httpserver.*; 25import java.io.BufferedReader; 26import java.io.ByteArrayOutputStream; 27import java.io.FileInputStream; 28import java.io.IOException; 29import java.io.InputStream; 30import java.io.InputStreamReader; 31import java.io.OutputStream; 32import java.math.BigInteger; 33import java.net.InetSocketAddress; 34import java.security.KeyStore; 35import java.security.PrivateKey; 36import java.security.Signature; 37import java.security.cert.Certificate; 38import java.security.cert.X509Certificate; 39import java.util.Calendar; 40import java.util.jar.JarEntry; 41import java.util.jar.JarFile; 42import java.util.Locale; 43 44import sun.security.pkcs.ContentInfo; 45import sun.security.pkcs.PKCS7; 46import sun.security.pkcs.PKCS9Attribute; 47import sun.security.pkcs.SignerInfo; 48import sun.security.timestamp.TimestampToken; 49import sun.security.util.DerOutputStream; 50import sun.security.util.DerValue; 51import sun.security.util.ObjectIdentifier; 52import sun.security.x509.AlgorithmId; 53import sun.security.x509.X500Name; 54 55public class TimestampCheck { 56 static final String TSKS = "tsks"; 57 static final String JAR = "old.jar"; 58 59 static final String defaultPolicyId = "2.3.4.5"; 60 61 static class Handler implements HttpHandler, AutoCloseable { 62 63 private final HttpServer httpServer; 64 private final String keystore; 65 66 @Override 67 public void handle(HttpExchange t) throws IOException { 68 int len = 0; 69 for (String h: t.getRequestHeaders().keySet()) { 70 if (h.equalsIgnoreCase("Content-length")) { 71 len = Integer.valueOf(t.getRequestHeaders().get(h).get(0)); 72 } 73 } 74 byte[] input = new byte[len]; 75 t.getRequestBody().read(input); 76 77 try { 78 int path = 0; 79 if (t.getRequestURI().getPath().length() > 1) { 80 path = Integer.parseInt( 81 t.getRequestURI().getPath().substring(1)); 82 } 83 byte[] output = sign(input, path); 84 Headers out = t.getResponseHeaders(); 85 out.set("Content-Type", "application/timestamp-reply"); 86 87 t.sendResponseHeaders(200, output.length); 88 OutputStream os = t.getResponseBody(); 89 os.write(output); 90 } catch (Exception e) { 91 e.printStackTrace(); 92 t.sendResponseHeaders(500, 0); 93 } 94 t.close(); 95 } 96 97 /** 98 * @param input The data to sign 99 * @param path different cases to simulate, impl on URL path 100 * 0: normal 101 * 1: Missing nonce 102 * 2: Different nonce 103 * 3: Bad digets octets in messageImprint 104 * 4: Different algorithmId in messageImprint 105 * 5: whole chain in cert set 106 * 6: extension is missing 107 * 7: extension is non-critical 108 * 8: extension does not have timestamping 109 * 9: no cert in response 110 * 10: normal 111 * 11: always return default policy id 112 * 12: normal 113 * otherwise: normal 114 * @returns the signed 115 */ 116 byte[] sign(byte[] input, int path) throws Exception { 117 // Read TSRequest 118 DerValue value = new DerValue(input); 119 System.err.println("\nIncoming Request\n==================="); 120 System.err.println("Version: " + value.data.getInteger()); 121 DerValue messageImprint = value.data.getDerValue(); 122 AlgorithmId aid = AlgorithmId.parse( 123 messageImprint.data.getDerValue()); 124 System.err.println("AlgorithmId: " + aid); 125 126 ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId); 127 BigInteger nonce = null; 128 while (value.data.available() > 0) { 129 DerValue v = value.data.getDerValue(); 130 if (v.tag == DerValue.tag_Integer) { 131 nonce = v.getBigInteger(); 132 System.err.println("nonce: " + nonce); 133 } else if (v.tag == DerValue.tag_Boolean) { 134 System.err.println("certReq: " + v.getBoolean()); 135 } else if (v.tag == DerValue.tag_ObjectId) { 136 policyId = v.getOID(); 137 System.err.println("PolicyID: " + policyId); 138 } 139 } 140 141 // Write TSResponse 142 System.err.println("\nResponse\n==================="); 143 KeyStore ks = KeyStore.getInstance("JKS"); 144 try (FileInputStream fis = new FileInputStream(keystore)) { 145 ks.load(fis, "changeit".toCharArray()); 146 } 147 148 String alias = "ts"; 149 if (path == 6) alias = "tsbad1"; 150 if (path == 7) alias = "tsbad2"; 151 if (path == 8) alias = "tsbad3"; 152 153 if (path == 11) { 154 policyId = new ObjectIdentifier(defaultPolicyId); 155 } 156 157 DerOutputStream statusInfo = new DerOutputStream(); 158 statusInfo.putInteger(0); 159 160 DerOutputStream token = new DerOutputStream(); 161 AlgorithmId[] algorithms = {aid}; 162 Certificate[] chain = ks.getCertificateChain(alias); 163 X509Certificate[] signerCertificateChain = null; 164 X509Certificate signer = (X509Certificate)chain[0]; 165 if (path == 5) { // Only case 5 uses full chain 166 signerCertificateChain = new X509Certificate[chain.length]; 167 for (int i=0; i<chain.length; i++) { 168 signerCertificateChain[i] = (X509Certificate)chain[i]; 169 } 170 } else if (path == 9) { 171 signerCertificateChain = new X509Certificate[0]; 172 } else { 173 signerCertificateChain = new X509Certificate[1]; 174 signerCertificateChain[0] = (X509Certificate)chain[0]; 175 } 176 177 DerOutputStream tst = new DerOutputStream(); 178 179 tst.putInteger(1); 180 tst.putOID(policyId); 181 182 if (path != 3 && path != 4) { 183 tst.putDerValue(messageImprint); 184 } else { 185 byte[] data = messageImprint.toByteArray(); 186 if (path == 4) { 187 data[6] = (byte)0x01; 188 } else { 189 data[data.length-1] = (byte)0x01; 190 data[data.length-2] = (byte)0x02; 191 data[data.length-3] = (byte)0x03; 192 } 193 tst.write(data); 194 } 195 196 tst.putInteger(1); 197 198 Calendar cal = Calendar.getInstance(); 199 tst.putGeneralizedTime(cal.getTime()); 200 201 if (path == 2) { 202 tst.putInteger(1234); 203 } else if (path == 1) { 204 // do nothing 205 } else { 206 tst.putInteger(nonce); 207 } 208 209 DerOutputStream tstInfo = new DerOutputStream(); 210 tstInfo.write(DerValue.tag_Sequence, tst); 211 212 DerOutputStream tstInfo2 = new DerOutputStream(); 213 tstInfo2.putOctetString(tstInfo.toByteArray()); 214 215 Signature sig = Signature.getInstance("SHA1withRSA"); 216 sig.initSign((PrivateKey)(ks.getKey( 217 alias, "changeit".toCharArray()))); 218 sig.update(tstInfo.toByteArray()); 219 220 ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier( 221 "1.2.840.113549.1.9.16.1.4"), 222 new DerValue(tstInfo2.toByteArray())); 223 224 System.err.println("Signing..."); 225 System.err.println(new X500Name(signer 226 .getIssuerX500Principal().getName())); 227 System.err.println(signer.getSerialNumber()); 228 229 SignerInfo signerInfo = new SignerInfo( 230 new X500Name(signer.getIssuerX500Principal().getName()), 231 signer.getSerialNumber(), 232 aid, AlgorithmId.get("RSA"), sig.sign()); 233 234 SignerInfo[] signerInfos = {signerInfo}; 235 PKCS7 p7 = 236 new PKCS7(algorithms, contentInfo, signerCertificateChain, 237 signerInfos); 238 ByteArrayOutputStream p7out = new ByteArrayOutputStream(); 239 p7.encodeSignedData(p7out); 240 241 DerOutputStream response = new DerOutputStream(); 242 response.write(DerValue.tag_Sequence, statusInfo); 243 response.putDerValue(new DerValue(p7out.toByteArray())); 244 245 DerOutputStream out = new DerOutputStream(); 246 out.write(DerValue.tag_Sequence, response); 247 248 return out.toByteArray(); 249 } 250 251 private Handler(HttpServer httpServer, String keystore) { 252 this.httpServer = httpServer; 253 this.keystore = keystore; 254 } 255 256 /** 257 * Initialize TSA instance. 258 * 259 * Extended Key Info extension of certificate that is used for 260 * signing TSA responses should contain timeStamping value. 261 */ 262 static Handler init(int port, String keystore) throws IOException { 263 HttpServer httpServer = HttpServer.create( 264 new InetSocketAddress(port), 0); 265 Handler tsa = new Handler(httpServer, keystore); 266 httpServer.createContext("/", tsa); 267 return tsa; 268 } 269 270 /** 271 * Start TSA service. 272 */ 273 void start() { 274 httpServer.start(); 275 } 276 277 /** 278 * Stop TSA service. 279 */ 280 void stop() { 281 httpServer.stop(0); 282 } 283 284 /** 285 * Return server port number. 286 */ 287 int getPort() { 288 return httpServer.getAddress().getPort(); 289 } 290 291 @Override 292 public void close() throws Exception { 293 stop(); 294 } 295 } 296 297 public static void main(String[] args) throws Exception { 298 try (Handler tsa = Handler.init(0, TSKS);) { 299 tsa.start(); 300 int port = tsa.getPort(); 301 302 String cmd; 303 // Use -J-Djava.security.egd=file:/dev/./urandom to speed up 304 // nonce generation in timestamping request. Not avaibale on 305 // Windows and defaults to thread seed generator, not too bad. 306 if (System.getProperty("java.home").endsWith("jre")) { 307 cmd = System.getProperty("java.home") + "/../bin/jarsigner"; 308 } else { 309 cmd = System.getProperty("java.home") + "/bin/jarsigner"; 310 } 311 312 cmd += " " + System.getProperty("test.tool.vm.opts") 313 + " -J-Djava.security.egd=file:/dev/./urandom" 314 + " -debug -keystore " + TSKS + " -storepass changeit" 315 + " -tsa http://localhost:" + port + "/%d" 316 + " -signedjar new_%d.jar " + JAR + " old"; 317 318 if (args.length == 0) { // Run this test 319 jarsigner(cmd, 0, true); // Success, normal call 320 jarsigner(cmd, 1, false); // These 4 should fail 321 jarsigner(cmd, 2, false); 322 jarsigner(cmd, 3, false); 323 jarsigner(cmd, 4, false); 324 jarsigner(cmd, 5, true); // Success, 6543440 solved. 325 jarsigner(cmd, 6, false); // tsbad1 326 jarsigner(cmd, 7, false); // tsbad2 327 jarsigner(cmd, 8, false); // tsbad3 328 jarsigner(cmd, 9, false); // no cert in timestamp 329 jarsigner(cmd + " -tsapolicyid 1.2.3.4", 10, true); 330 checkTimestamp("new_10.jar", "1.2.3.4", "SHA-256"); 331 jarsigner(cmd + " -tsapolicyid 1.2.3.5", 11, false); 332 jarsigner(cmd + " -tsadigestalg SHA", 12, true); 333 checkTimestamp("new_12.jar", defaultPolicyId, "SHA-1"); 334 } else { // Run as a standalone server 335 System.err.println("Press Enter to quit server"); 336 System.in.read(); 337 } 338 } 339 } 340 341 static void checkTimestamp(String file, String policyId, String digestAlg) 342 throws Exception { 343 try (JarFile jf = new JarFile(file)) { 344 JarEntry je = jf.getJarEntry("META-INF/OLD.RSA"); 345 try (InputStream is = jf.getInputStream(je)) { 346 byte[] content = is.readAllBytes(); 347 PKCS7 p7 = new PKCS7(content); 348 SignerInfo[] si = p7.getSignerInfos(); 349 if (si == null || si.length == 0) { 350 throw new Exception("Not signed"); 351 } 352 PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes() 353 .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID); 354 PKCS7 tsToken = new PKCS7((byte[]) p9.getValue()); 355 TimestampToken tt = 356 new TimestampToken(tsToken.getContentInfo().getData()); 357 if (!tt.getHashAlgorithm().toString().equals(digestAlg)) { 358 throw new Exception("Digest alg different"); 359 } 360 if (!tt.getPolicyID().equals(policyId)) { 361 throw new Exception("policyId different"); 362 } 363 } 364 } 365 } 366 367 /** 368 * @param cmd the command line (with a hole to plug in) 369 * @param path the path in the URL, i.e, http://localhost/path 370 * @param expected if this command should succeed 371 */ 372 static void jarsigner(String cmd, int path, boolean expected) 373 throws Exception { 374 System.err.println("Test " + path); 375 Process p = Runtime.getRuntime().exec(String.format(Locale.ROOT,cmd, path, path)); 376 BufferedReader reader = new BufferedReader( 377 new InputStreamReader(p.getErrorStream())); 378 while (true) { 379 String s = reader.readLine(); 380 if (s == null) break; 381 System.err.println(s); 382 } 383 384 // Will not see noTimestamp warning 385 boolean seeWarning = false; 386 reader = new BufferedReader( 387 new InputStreamReader(p.getInputStream())); 388 while (true) { 389 String s = reader.readLine(); 390 if (s == null) break; 391 System.err.println(s); 392 if (s.indexOf("Warning:") >= 0) { 393 seeWarning = true; 394 } 395 } 396 int result = p.waitFor(); 397 if (expected && result != 0 || !expected && result == 0) { 398 throw new Exception("Failed"); 399 } 400 if (seeWarning) { 401 throw new Exception("See warning"); 402 } 403 } 404} 405