JDK-8165274 : SHA1 certpath constraint check fails with OCSP certificate
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-09-01
  • Updated: 2023-10-23
  • Resolved: 2016-10-18
JDK 8: 8u152 (Fixed)
JDK 9: 9 b142 (Fixed)
Description
An OCSP certificate with a SHA1 signature is not algorithm-constrained when jdk.certpath.disabledAlgorithms is set to restrict SHA1.

In a setup where every certificate in the certificate path uses SHA256 except the OCSP certificate, the certpath validates successfully even though SHA1 is constrained. Since the OCSP signer certificate has a SHA1 signature, it should be restricted and validation should fail with "Algorithm constraint check failed".

CRL signing should also be checked in the same context.
Comments
URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/70abbd047ed7 User: lana Date: 2016-10-26 20:16:10 +0000
26-10-2016

URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/70abbd047ed7 User: ascarpino Date: 2016-10-18 22:13:51 +0000
18-10-2016

Check DisabledAlgorithmConstraints:527 fails as trustedMatch is set to false. In OCSPResponse.verify:504, while creating AlgorithmChecker, the OCSP responder's issuerCert is passed as TrustAnchor.
This test uses the following chain:
- CA -> INT-SHA256 -> EE-SHA256 -> OCSP-SHA1
Since the issuer for OCSP-SHA1 is INT-SHA256, which is not in cacerts, trustedMatch is set to false and, as a result, DisabledAlgorithmConstraints:527 accepts OCSP with a SHA1 signature. OCSPResponse.verify:504 should chain all the way to find the top trustAnchor and then set trustedMatch.
02-09-2016
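The decision described in the comment above, as an added example that is a simplified model and not JDK source or code from this report. The `Cert` record, the `CACERTS` set and the method names are hypothetical; only `trustedMatch` and the certificate names come from the page.

```java
import java.util.Set;

// Simplified model of the "SHA-1 jdkCA" decision; not the JDK implementation.
public class JdkCaConstraintModel {
    // name, signature hash, issuer (null for the self-signed root)
    record Cert(String name, String sigAlg, Cert issuer) {}

    // Stand-in for the cacerts lookup (constructed: only "CA" is a JDK root).
    static final Set<String> CACERTS = Set.of("CA");

    // Behaviour reported: the responder's direct issuer is treated as the
    // trust anchor, so an intermediate issuer never matches cacerts.
    static boolean trustedMatchDirectIssuer(Cert responder) {
        Cert issuer = responder.issuer();
        return issuer != null && CACERTS.contains(issuer.name());
    }

    // Behaviour requested: chain up to the top anchor, then match cacerts.
    static boolean trustedMatchTopAnchor(Cert responder) {
        Cert c = responder;
        while (c.issuer() != null) {
            c = c.issuer();
        }
        return CACERTS.contains(c.name());
    }

    // "SHA-1 jdkCA": SHA1 is rejected only when the chain anchors in cacerts.
    static boolean permits(Cert cert, boolean trustedMatch) {
        return !(cert.sigAlg().equals("SHA1") && trustedMatch);
    }

    public static void main(String[] args) {
        // Chain from the report: CA -> INT-SHA256 -> OCSP-SHA1
        Cert ca = new Cert("CA", "SHA256", null);
        Cert inter = new Cert("INT-SHA256", "SHA256", ca);
        Cert ocsp = new Cert("OCSP-SHA1", "SHA1", inter);

        boolean reported = trustedMatchDirectIssuer(ocsp);
        boolean requested = trustedMatchTopAnchor(ocsp);
        System.out.println("direct issuer: trustedMatch=" + reported
                + " permits=" + permits(ocsp, reported));
        System.out.println("top anchor:    trustedMatch=" + requested
                + " permits=" + permits(ocsp, requested));
    }
}
```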

What is jdk.certpath.disabledAlgorithms?
jdk.certpath.disabledAlgorithms is set to "MD2, MD5, SHA-1 jdkCA"

Was a cert added to cacerts with the " [jdk]" as the suffix?
Yes, CA is with " [jdk]" suffix.

Do you see farther up in the debug log, around checker2, it searching AnchorCertificate.contains() for a match?
EE certificate has SHA256 signature, the issue is with OCSP certificate which has SHA1 signature.
02-09-2016

Looking at the provided debug, certpath looks like it is blocking only certificate chains with trust anchors in cacerts file:
certpath: jdkCAConstraints.permits(): SHA1

From the subject name, this does not look like a pre-existing certificate in the cacerts:
Issuer: CN=INT-SHA256, O=Oracle, ST=SCA, C=US

Questions:
What is jdk.certpath.disabledAlgorithms?
Was a cert added to cacerts with the " [jdk]" as the suffix?
Do you see farther up in the debug log, around checker2, it searching AnchorCertificate.contains() for a match?
02-09-2016