8215776: Keytool importkeystore may mix up certificate chain entries when DNs conflict

Reviewed-by: xuelei
2025-08-27 14:54:52 +02:00 · 2019-01-22 21:18:45 +08:00 · 2019-01-22 21:18:45 +08:00 · 033465d815
commit 033465d815
parent bb1e1c7120
2 changed files with 142 additions and 13 deletions
--- a/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+++ b/src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -63,6 +63,7 @@ import javax.crypto.Mac;
 import javax.security.auth.DestroyFailedException;
 import javax.security.auth.x500.X500Principal;

+import sun.security.tools.KeyStoreUtil;
 import sun.security.util.Debug;
 import sun.security.util.DerInputStream;
 import sun.security.util.DerOutputStream;
@ -74,6 +75,7 @@ import sun.security.x509.AlgorithmId;
 import sun.security.pkcs.EncryptedPrivateKeyInfo;
 import sun.security.provider.JavaKeyStore.JKS;
 import sun.security.util.KeyStoreDelegator;
+import sun.security.x509.AuthorityKeyIdentifierExtension;


 /**
@ -306,8 +308,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
        Collections.synchronizedMap(new LinkedHashMap<String, Entry>());

    private ArrayList<KeyEntry> keyList = new ArrayList<KeyEntry>();
-    private LinkedHashMap<X500Principal, X509Certificate> certsMap =
-            new LinkedHashMap<X500Principal, X509Certificate>();
+    private List<X509Certificate> allCerts = new ArrayList<>();
    private ArrayList<CertEntry> certEntries = new ArrayList<CertEntry>();

    /**
@ -2212,11 +2213,10 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                        }
                    }
                    chain.add(cert);
-                    X500Principal issuerDN = cert.getIssuerX500Principal();
-                    if (issuerDN.equals(cert.getSubjectX500Principal())) {
+                    if (KeyStoreUtil.isSelfSigned(cert)) {
                        break;
                    }
-                    cert = certsMap.get(issuerDN);
+                    cert = findIssuer(cert);
                }
                /* Update existing KeyEntry in entries table */
                if (chain.size() > 0) {
@ -2246,10 +2246,74 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
        }

        certEntries.clear();
-        certsMap.clear();
+        allCerts.clear();
        keyList.clear();
    }

+    /**
+     * Find the issuer of input in allCerts. If the input has an
+     * AuthorityKeyIdentifier extension and the keyId inside matches
+     * the keyId of the SubjectKeyIdentifier of a cert. This cert is
+     * returned. Otherwise, a cert whose subjectDN is the same as the
+     * input's issuerDN is returned.
+     *
+     * @param input the input certificate
+     * @return the isssuer, or null if none matches
+     */
+    private X509Certificate findIssuer(X509Certificate input) {
+
+        X509Certificate fallback = null; // the DN match
+        X500Principal issuerPrinc = input.getIssuerX500Principal();
+
+        // AuthorityKeyIdentifier value encoded as an OCTET STRING
+        byte[] issuerIdExtension = input.getExtensionValue("2.5.29.35");
+        byte[] issuerId = null;
+
+        if (issuerIdExtension != null) {
+            try {
+                issuerId = new AuthorityKeyIdentifierExtension(
+                            false,
+                            new DerValue(issuerIdExtension).getOctetString())
+                        .getEncodedKeyIdentifier();
+            } catch (IOException e) {
+                // ignored. issuerId is still null
+            }
+        }
+
+        for (X509Certificate cert : allCerts) {
+            if (cert.getSubjectX500Principal().equals(issuerPrinc)) {
+                if (issuerId != null) {
+                    // SubjectKeyIdentifier value encoded as an OCTET STRING
+                    byte[] subjectIdExtension = cert.getExtensionValue("2.5.29.14");
+                    byte[] subjectId = null;
+                    if (subjectIdExtension != null) {
+                        try {
+                            subjectId = new DerValue(subjectIdExtension)
+                                    .getOctetString();
+                        } catch (IOException e) {
+                            // ignored. issuerId is still null
+                        }
+                    }
+                    if (subjectId != null) {
+                        if (Arrays.equals(issuerId, subjectId)) {
+                            // keyId exact match!
+                            return cert;
+                        } else {
+                            // Different keyId. Not a fallback.
+                            continue;
+                        }
+                    } else {
+                        // A DN match with no subjectId
+                        fallback = cert;
+                    }
+                } else { // if there is no issuerId, return the 1st DN match
+                    return cert;
+                }
+            }
+        }
+        return fallback;
+    }
+
    /**
     * Returns if a pkcs12 file is password-less. This means no cert is
     * encrypted and there is no Mac. Please note that the private key
@ -2507,12 +2571,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
                } else {
                    certEntries.add(new CertEntry(cert, keyId, alias));
                }
-                X500Principal subjectDN = cert.getSubjectX500Principal();
-                if (subjectDN != null) {
-                    if (!certsMap.containsKey(subjectDN)) {
-                        certsMap.put(subjectDN, cert);
-                    }
-                }
+                allCerts.add(cert);
            }
        }
    }