8249906: Enhance opening JARs

Reviewed-by: weijun, rhalade, mschoene

Author: seanjmullan

src/java.base/share/classes/java/security/cert/CertPathHelperImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -63,4 +63,8 @@ protected void implSetPathToNames(X509CertSelector sel,
     protected void implSetDateAndTime(X509CRLSelector sel, Date date, long skew) {
         sel.setDateAndTime(date, skew);
     }
+
+    protected boolean implIsJdkCA(TrustAnchor anchor) {
+        return anchor.isJdkCA();
+    }
 }

src/java.base/share/classes/java/security/cert/TrustAnchor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
 
 import javax.security.auth.x500.X500Principal;
 
+import sun.security.util.AnchorCertificates;
 import sun.security.x509.NameConstraintsExtension;
 import sun.security.x509.X500Name;
 
@@ -68,6 +69,12 @@ public class TrustAnchor {
     private final X509Certificate trustedCert;
     private byte[] ncBytes;
     private NameConstraintsExtension nc;
+    private boolean jdkCA;
+    private boolean hasJdkCABeenChecked;
+
+    static {
+        CertPathHelperImpl.initialize();
+    }
 
     /**
      * Creates an instance of {@code TrustAnchor} with the specified
@@ -330,4 +337,18 @@ public String toString() {
             sb.append("  Name Constraints: " + nc.toString() + "\n");
         return sb.toString();
     }
+
+    /**
+     * Returns true if anchor is a JDK CA (a root CA that is included by
+     * default in the cacerts keystore).
+     */
+    synchronized boolean isJdkCA() {
+        if (!hasJdkCABeenChecked) {
+            if (trustedCert != null) {
+                jdkCA = AnchorCertificates.contains(trustedCert);
+            }
+            hasJdkCABeenChecked = true;
+        }
+        return jdkCA;
+    }
 }

src/java.base/share/classes/java/util/jar/JarFile.java

@@ -29,7 +29,6 @@
 import jdk.internal.access.JavaUtilZipFileAccess;
 import sun.security.action.GetPropertyAction;
 import sun.security.util.ManifestEntryVerifier;
-import sun.security.util.SignatureFileVerifier;
 
 import java.io.ByteArrayInputStream;
 import java.io.EOFException;

src/java.base/share/classes/sun/security/pkcs/SignerInfo.java

@@ -36,9 +36,11 @@
 import java.security.*;
 import java.security.spec.PSSParameterSpec;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
-import java.util.EnumSet;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
 import sun.security.provider.SHAKE256;
@@ -55,16 +57,8 @@
  */
 public class SignerInfo implements DerEncoder {
 
-    // Digest and Signature restrictions
-    private static final Set<CryptoPrimitive> DIGEST_PRIMITIVE_SET =
-            Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.MESSAGE_DIGEST));
-
-    private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET =
-            Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
-
     private static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK =
-            new DisabledAlgorithmConstraints(
-                    DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS);
+            DisabledAlgorithmConstraints.jarConstraints();
 
     BigInteger version;
     X500Name issuerName;
@@ -79,6 +73,14 @@ public class SignerInfo implements DerEncoder {
     PKCS9Attributes authenticatedAttributes;
     PKCS9Attributes unauthenticatedAttributes;
 
+    /**
+     * A map containing the algorithms in this SignerInfo. This is used to
+     * avoid checking algorithms to see if they are disabled more than once.
+     * The key is the AlgorithmId of the algorithm, and the value is the name of
+     * the field or attribute.
+     */
+    private Map<AlgorithmId, String> algorithms = new HashMap<>();
+
     public SignerInfo(X500Name  issuerName,
                       BigInteger serial,
                       AlgorithmId digestAlgorithmId,
@@ -329,20 +331,15 @@ SignerInfo verify(PKCS7 block, byte[] data)
     throws NoSuchAlgorithmException, SignatureException {
 
         try {
+            Timestamp timestamp = getTimestamp();
 
             ContentInfo content = block.getContentInfo();
             if (data == null) {
                 data = content.getContentBytes();
             }
 
-            Timestamp timestamp = null;
-            try {
-                timestamp = getTimestamp();
-            } catch (Exception ignore) {
-            }
-
-            ConstraintsParameters cparams =
-                    new ConstraintsParameters(timestamp);
+            String digestAlgName = digestAlgorithmId.getName();
+            algorithms.put(digestAlgorithmId, "SignerInfo digestAlgorithm field");
 
             byte[] dataSigned;
 
@@ -368,19 +365,10 @@ SignerInfo verify(PKCS7 block, byte[] data)
                 if (messageDigest == null) // fail if there is no message digest
                     return null;
 
-                String digestAlgname = digestAlgorithmId.getName();
-
-                // check that digest algorithm is not restricted
-                try {
-                    JAR_DISABLED_CHECK.permits(digestAlgname, cparams);
-                } catch (CertPathValidatorException e) {
-                    throw new SignatureException(e.getMessage(), e);
-                }
-
                 byte[] computedMessageDigest;
-                if (digestAlgname.equals("SHAKE256")
-                        || digestAlgname.equals("SHAKE256-LEN")) {
-                    if (digestAlgname.equals("SHAKE256-LEN")) {
+                if (digestAlgName.equals("SHAKE256")
+                        || digestAlgName.equals("SHAKE256-LEN")) {
+                    if (digestAlgName.equals("SHAKE256-LEN")) {
                         int v = new DerValue(digestAlgorithmId
                                 .getEncodedParams()).getInteger();
                         if (v != 512) {
@@ -392,15 +380,12 @@ SignerInfo verify(PKCS7 block, byte[] data)
                     md.update(data, 0, data.length);
                     computedMessageDigest = md.digest();
                 } else {
-                    MessageDigest md = MessageDigest.getInstance(digestAlgname);
+                    MessageDigest md = MessageDigest.getInstance(digestAlgName);
                     computedMessageDigest = md.digest(data);
                 }
 
-                if (messageDigest.length != computedMessageDigest.length)
+                if (!MessageDigest.isEqual(messageDigest, computedMessageDigest)) {
                     return null;
-                for (int i = 0; i < messageDigest.length; i++) {
-                    if (messageDigest[i] != computedMessageDigest[i])
-                        return null;
                 }
 
                 // message digest attribute matched
@@ -414,16 +399,18 @@ SignerInfo verify(PKCS7 block, byte[] data)
 
             // put together digest algorithm and encryption algorithm
             // to form signing algorithm. See makeSigAlg for details.
-            String algname = makeSigAlg(
+            String sigAlgName = makeSigAlg(
                     digestAlgorithmId,
                     digestEncryptionAlgorithmId,
                     authenticatedAttributes == null);
 
-            // check that jar signature algorithm is not restricted
-            try {
-                JAR_DISABLED_CHECK.permits(algname, cparams);
-            } catch (CertPathValidatorException e) {
-                throw new SignatureException(e.getMessage(), e);
+            KnownOIDs oid = KnownOIDs.findMatch(sigAlgName);
+            if (oid != null) {
+                AlgorithmId sigAlgId =
+                    new AlgorithmId(ObjectIdentifier.of(oid),
+                            digestEncryptionAlgorithmId.getParameters());
+                algorithms.put(sigAlgId,
+                    "SignerInfo digestEncryptionAlgorithm field");
             }
 
             X509Certificate cert = getCertificate(block);
@@ -432,14 +419,6 @@ SignerInfo verify(PKCS7 block, byte[] data)
             }
             PublicKey key = cert.getPublicKey();
 
-            // check if the public key is restricted
-            if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
-                throw new SignatureException("Public key check failed. " +
-                        "Disabled key used: " +
-                        KeyUtil.getKeySize(key) + " bit " +
-                        key.getAlgorithm());
-            }
-
             if (cert.hasUnsupportedCriticalExtension()) {
                 throw new SignatureException("Certificate has unsupported "
                                              + "critical extension(s)");
@@ -476,13 +455,13 @@ SignerInfo verify(PKCS7 block, byte[] data)
                 }
             }
 
-            Signature sig = Signature.getInstance(algname);
+            Signature sig = Signature.getInstance(sigAlgName);
 
             AlgorithmParameters ap =
                 digestEncryptionAlgorithmId.getParameters();
             try {
                 SignatureUtil.initVerifyWithParam(sig, key,
-                    SignatureUtil.getParamSpec(algname, ap));
+                    SignatureUtil.getParamSpec(sigAlgName, ap));
             } catch (ProviderException | InvalidAlgorithmParameterException |
                      InvalidKeyException e) {
                 throw new SignatureException(e.getMessage(), e);
@@ -492,9 +471,8 @@ SignerInfo verify(PKCS7 block, byte[] data)
             if (sig.verify(encryptedDigest)) {
                 return this;
             }
-        } catch (IOException e) {
-            throw new SignatureException("IO error verifying signature:\n" +
-                                         e.getMessage());
+        } catch (IOException | CertificateException e) {
+            throw new SignatureException("Error verifying signature", e);
         }
         return null;
     }
@@ -654,6 +632,9 @@ public Timestamp getTimestamp()
         // Extract the signer (the Timestamping Authority)
         // while verifying the content
         SignerInfo[] tsa = tsToken.verify(encTsTokenInfo);
+        if (tsa == null || tsa.length == 0) {
+            throw new SignatureException("Unable to verify timestamp");
+        }
         // Expect only one signer
         ArrayList<X509Certificate> chain = tsa[0].getCertificateChain(tsToken);
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
@@ -662,6 +643,7 @@ public Timestamp getTimestamp()
         TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
         // Check that the signature timestamp applies to this signature
         verifyTimestamp(tsTokenInfo);
+        algorithms.putAll(tsa[0].algorithms);
         // Create a timestamp object
         timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
         return timestamp;
@@ -674,18 +656,13 @@ public Timestamp getTimestamp()
      */
     private void verifyTimestamp(TimestampToken token)
         throws NoSuchAlgorithmException, SignatureException {
-        String digestAlgname = token.getHashAlgorithm().getName();
-        // check that algorithm is not restricted
-        if (!JAR_DISABLED_CHECK.permits(DIGEST_PRIMITIVE_SET, digestAlgname,
-                null)) {
-            throw new SignatureException("Timestamp token digest check failed. " +
-                    "Disabled algorithm used: " + digestAlgname);
-        }
 
-        MessageDigest md =
-            MessageDigest.getInstance(digestAlgname);
+        AlgorithmId digestAlgId = token.getHashAlgorithm();
+        algorithms.put(digestAlgId, "TimestampToken digestAlgorithm field");
+
+        MessageDigest md = MessageDigest.getInstance(digestAlgId.getName());
 
-        if (!Arrays.equals(token.getHashedMessage(),
+        if (!MessageDigest.isEqual(token.getHashedMessage(),
             md.digest(encryptedDigest))) {
 
             throw new SignatureException("Signature timestamp (#" +
@@ -726,4 +703,35 @@ public String toString() {
         }
         return out;
     }
+
+    /**
+     * Verify all of the algorithms in the array of SignerInfos against the
+     * constraints in the jdk.jar.disabledAlgorithms security property.
+     *
+     * @param infos array of SignerInfos
+     * @param params constraint parameters
+     * @param name the name of the signer's PKCS7 file
+     * @return a set of algorithms that passed the checks and are not disabled
+     */
+    public static Set<String> verifyAlgorithms(SignerInfo[] infos,
+        JarConstraintsParameters params, String name) throws SignatureException {
+        Map<AlgorithmId, String> algorithms = new HashMap<>();
+        for (SignerInfo info : infos) {
+            algorithms.putAll(info.algorithms);
+        }
+
+        Set<String> enabledAlgorithms = new HashSet<>();
+        try {
+            for (Map.Entry<AlgorithmId, String> algorithm : algorithms.entrySet()) {
+                params.setExtendedExceptionMsg(name, algorithm.getValue());
+                AlgorithmId algId = algorithm.getKey();
+                JAR_DISABLED_CHECK.permits(algId.getName(),
+                    algId.getParameters(), params);
+                enabledAlgorithms.add(algId.getName());
+            }
+        } catch (CertPathValidatorException e) {
+            throw new SignatureException(e);
+        }
+        return enabledAlgorithms;
+    }
 }

src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,8 +27,6 @@
 
 import java.security.AlgorithmConstraints;
 import java.security.CryptoPrimitive;
-import java.security.Timestamp;
-import java.security.cert.CertPathValidator;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
@@ -53,14 +51,13 @@
 import java.security.interfaces.DSAPublicKey;
 import java.security.spec.DSAPublicKeySpec;
 
-import sun.security.util.AnchorCertificates;
 import sun.security.util.ConstraintsParameters;
 import sun.security.util.Debug;
 import sun.security.util.DisabledAlgorithmConstraints;
 import sun.security.validator.Validator;
+import sun.security.x509.AlgorithmId;
 import sun.security.x509.X509CertImpl;
 import sun.security.x509.X509CRLImpl;
-import sun.security.x509.AlgorithmId;
 
 /**
  * A {@code PKIXCertPathChecker} implementation to check whether a
@@ -78,10 +75,10 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
 
     private final AlgorithmConstraints constraints;
     private final PublicKey trustedPubKey;
-    private final Date pkixdate;
+    private final Date date;
     private PublicKey prevPubKey;
-    private final Timestamp jarTimestamp;
     private final String variant;
+    private TrustAnchor anchor;
 
     private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
         Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
@@ -94,95 +91,70 @@ public final class AlgorithmChecker extends PKIXCertPathChecker {
             CryptoPrimitive.KEY_AGREEMENT));
 
     private static final DisabledAlgorithmConstraints
-        certPathDefaultConstraints = new DisabledAlgorithmConstraints(
-            DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
-
-    // If there is no "cacerts" keyword, then disable anchor checking
-    private static final boolean publicCALimits =
-            certPathDefaultConstraints.checkProperty("jdkCA");
-
-    // If anchor checking enabled, this will be true if the trust anchor
-    // has a match in the cacerts file
-    private boolean trustedMatch = false;
+        certPathDefaultConstraints =
+            DisabledAlgorithmConstraints.certPathConstraints();
 
     /**
-     * Create a new {@code AlgorithmChecker} with the given algorithm
-     * given {@code TrustAnchor} and {@code String} variant.
+     * Create a new {@code AlgorithmChecker} with the given
+     * {@code TrustAnchor} and {@code String} variant.
      *
      * @param anchor the trust anchor selected to validate the target
      *     certificate
-     * @param variant is the Validator variants of the operation. A null value
+     * @param variant the Validator variant of the operation. A null value
      *                passed will set it to Validator.GENERIC.
      */
     public AlgorithmChecker(TrustAnchor anchor, String variant) {
-        this(anchor, certPathDefaultConstraints, null, null, variant);
+        this(anchor, certPathDefaultConstraints, null, variant);
     }
 
     /**
      * Create a new {@code AlgorithmChecker} with the given
-     * {@code AlgorithmConstraints}, {@code Timestamp}, and {@code String}
-     * variant.
+     * {@code AlgorithmConstraints} and {@code String} variant.
      *
      * Note that this constructor can initialize a variation of situations where
-     * the AlgorithmConstraints, Timestamp, or Variant maybe known.
+     * the AlgorithmConstraints or Variant maybe known.
      *
      * @param constraints the algorithm constraints (or null)
-     * @param jarTimestamp Timestamp passed for JAR timestamp constraint
-     *                     checking. Set to null if not applicable.
-     * @param variant is the Validator variants of the operation. A null value
+     * @param variant the Validator variant of the operation. A null value
      *                passed will set it to Validator.GENERIC.
      */
-    public AlgorithmChecker(AlgorithmConstraints constraints,
-            Timestamp jarTimestamp, String variant) {
-        this(null, constraints, null, jarTimestamp, variant);
+    public AlgorithmChecker(AlgorithmConstraints constraints, String variant) {
+        this(null, constraints, null, variant);
     }
 
     /**
      * Create a new {@code AlgorithmChecker} with the
-     * given {@code TrustAnchor}, {@code AlgorithmConstraints},
-     * {@code Timestamp}, and {@code String} variant.
+     * given {@code TrustAnchor}, {@code AlgorithmConstraints}, {@code Date},
+     * and {@code String} variant.
      *
      * @param anchor the trust anchor selected to validate the target
      *     certificate
      * @param constraints the algorithm constraints (or null)
-     * @param pkixdate The date specified by the PKIXParameters date.  If the
-     *                 PKIXParameters is null, the current date is used.  This
-     *                 should be null when jar files are being checked.
-     * @param jarTimestamp Timestamp passed for JAR timestamp constraint
-     *                     checking. Set to null if not applicable.
-     * @param variant is the Validator variants of the operation. A null value
+     * @param date the date specified by the PKIXParameters date, or the
+     *             JAR timestamp if jar files are being validated and the
+     *             JAR is timestamped. May be null if no timestamp or
+     *             PKIXParameter date is set.
+     * @param variant the Validator variant of the operation. A null value
      *                passed will set it to Validator.GENERIC.
      */
     public AlgorithmChecker(TrustAnchor anchor,
-            AlgorithmConstraints constraints, Date pkixdate,
-            Timestamp jarTimestamp, String variant) {
+            AlgorithmConstraints constraints, Date date, String variant) {
 
         if (anchor != null) {
             if (anchor.getTrustedCert() != null) {
                 this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
-                // Check for anchor certificate restrictions
-                trustedMatch = checkFingerprint(anchor.getTrustedCert());
-                if (trustedMatch && debug != null) {
-                    debug.println("trustedMatch = true");
-                }
             } else {
                 this.trustedPubKey = anchor.getCAPublicKey();
             }
+            this.anchor = anchor;
         } else {
             this.trustedPubKey = null;
-            if (debug != null) {
-                debug.println("TrustAnchor is null, trustedMatch is false.");
-            }
         }
 
         this.prevPubKey = this.trustedPubKey;
         this.constraints = (constraints == null ? certPathDefaultConstraints :
                 constraints);
-        // If we are checking jar files, set pkixdate the same as the timestamp
-        // for certificate checking
-        this.pkixdate = (jarTimestamp != null ? jarTimestamp.getTimestamp() :
-                pkixdate);
-        this.jarTimestamp = jarTimestamp;
+        this.date = date;
         this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
     }
 
@@ -194,24 +166,11 @@ public AlgorithmChecker(TrustAnchor anchor,
      *     certificate
      * @param pkixdate Date the constraints are checked against. The value is
      *             either the PKIXParameters date or null for the current date.
-     * @param variant is the Validator variants of the operation. A null value
+     * @param variant the Validator variant of the operation. A null value
      *                passed will set it to Validator.GENERIC.
      */
     public AlgorithmChecker(TrustAnchor anchor, Date pkixdate, String variant) {
-        this(anchor, certPathDefaultConstraints, pkixdate, null, variant);
-    }
-
-    // Check this 'cert' for restrictions in the AnchorCertificates
-    // trusted certificates list
-    private static boolean checkFingerprint(X509Certificate cert) {
-        if (!publicCALimits) {
-            return false;
-        }
-
-        if (debug != null) {
-            debug.println("AlgorithmChecker.contains: " + cert.getSigAlgName());
-        }
-        return AnchorCertificates.contains(cert);
+        this(anchor, certPathDefaultConstraints, pkixdate, variant);
     }
 
     @Override
@@ -318,18 +277,19 @@ public void check(Certificate cert,
         }
 
         ConstraintsParameters cp =
-                new ConstraintsParameters((X509Certificate)cert,
-                        trustedMatch, pkixdate, jarTimestamp, variant);
+            new CertPathConstraintsParameters(x509Cert, variant,
+                    anchor, date);
 
         // Check against local constraints if it is DisabledAlgorithmConstraints
         if (constraints instanceof DisabledAlgorithmConstraints) {
-            ((DisabledAlgorithmConstraints)constraints).permits(currSigAlg, cp);
+            ((DisabledAlgorithmConstraints)constraints).permits(currSigAlg,
+                currSigAlgParams, cp);
             // DisabledAlgorithmsConstraints does not check primitives, so key
             // additional key check.
 
         } else {
             // Perform the default constraints checking anyway.
-            certPathDefaultConstraints.permits(currSigAlg, cp);
+            certPathDefaultConstraints.permits(currSigAlg, currSigAlgParams, cp);
             // Call locally set constraints to check key with primitives.
             if (!constraints.permits(primitives, currPubKey)) {
                 throw new CertPathValidatorException(
@@ -408,14 +368,10 @@ void trySetTrustAnchor(TrustAnchor anchor) {
             // Don't bother to change the trustedPubKey.
             if (anchor.getTrustedCert() != null) {
                 prevPubKey = anchor.getTrustedCert().getPublicKey();
-                // Check for anchor certificate restrictions
-                trustedMatch = checkFingerprint(anchor.getTrustedCert());
-                if (trustedMatch && debug != null) {
-                    debug.println("trustedMatch = true");
-                }
             } else {
                 prevPubKey = anchor.getCAPublicKey();
             }
+            this.anchor = anchor;
         }
     }
 
@@ -424,11 +380,12 @@ void trySetTrustAnchor(TrustAnchor anchor) {
      *
      * @param key the public key to verify the CRL signature
      * @param crl the target CRL
-     * @param variant is the Validator variants of the operation. A null value
+     * @param variant the Validator variant of the operation. A null value
      *                passed will set it to Validator.GENERIC.
+     * @param anchor the trust anchor selected to validate the CRL issuer
      */
-    static void check(PublicKey key, X509CRL crl, String variant)
-                        throws CertPathValidatorException {
+    static void check(PublicKey key, X509CRL crl, String variant,
+                      TrustAnchor anchor) throws CertPathValidatorException {
 
         X509CRLImpl x509CRLImpl = null;
         try {
@@ -438,24 +395,24 @@ static void check(PublicKey key, X509CRL crl, String variant)
         }
 
         AlgorithmId algorithmId = x509CRLImpl.getSigAlgId();
-        check(key, algorithmId, variant);
+        check(key, algorithmId, variant, anchor);
     }
 
     /**
      * Check the signature algorithm with the specified public key.
      *
      * @param key the public key to verify the CRL signature
      * @param algorithmId signature algorithm Algorithm ID
-     * @param variant is the Validator variants of the operation. A null value
-     *                passed will set it to Validator.GENERIC.
+     * @param variant the Validator variant of the operation. A null
+     *                value passed will set it to Validator.GENERIC.
+     * @param anchor the trust anchor selected to validate the public key
      */
-    static void check(PublicKey key, AlgorithmId algorithmId, String variant)
-                        throws CertPathValidatorException {
-        String sigAlgName = algorithmId.getName();
-        AlgorithmParameters sigAlgParams = algorithmId.getParameters();
+    static void check(PublicKey key, AlgorithmId algorithmId, String variant,
+                      TrustAnchor anchor) throws CertPathValidatorException {
 
-        certPathDefaultConstraints.permits(new ConstraintsParameters(
-                sigAlgName, sigAlgParams, key, variant));
+        certPathDefaultConstraints.permits(algorithmId.getName(),
+            algorithmId.getParameters(),
+            new CertPathConstraintsParameters(key, variant, anchor));
     }
 }
 

src/java.base/share/classes/sun/security/provider/certpath/CertPathConstraintsParameters.java

@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.provider.certpath;
+
+import java.security.Key;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Set;
+
+import sun.security.util.ConstraintsParameters;
+import sun.security.validator.Validator;
+
+/**
+ * This class contains parameters for checking certificates against
+ * constraints specified in the jdk.certpath.disabledAlgorithms security
+ * property.
+ */
+class CertPathConstraintsParameters implements ConstraintsParameters {
+    // The public key of the certificate
+    private final Key key;
+    // The certificate's trust anchor which will be checked against the
+    // jdkCA constraint, if specified.
+    private final TrustAnchor anchor;
+    // The PKIXParameter validity date or the timestamp of the signed JAR
+    // file, if this chain is associated with a timestamped signed JAR.
+    private final Date date;
+    // The variant or usage of this certificate
+    private final String variant;
+    // The certificate being checked (may be null if a CRL or OCSPResponse is
+    // being checked)
+    private final X509Certificate cert;
+
+    public CertPathConstraintsParameters(X509Certificate cert,
+            String variant, TrustAnchor anchor, Date date) {
+        this(cert.getPublicKey(), variant, anchor, date, cert);
+    }
+
+    public CertPathConstraintsParameters(Key key, String variant,
+            TrustAnchor anchor) {
+        this(key, variant, anchor, null, null);
+    }
+
+    private CertPathConstraintsParameters(Key key, String variant,
+            TrustAnchor anchor, Date date, X509Certificate cert) {
+        this.key = key;
+        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
+        this.anchor = anchor;
+        this.date = date;
+        this.cert = cert;
+    }
+
+    @Override
+    public boolean anchorIsJdkCA() {
+        return CertPathHelper.isJdkCA(anchor);
+    }
+
+    @Override
+    public Set<Key> getKeys() {
+        return (key == null) ? Set.of() : Set.of(key);
+    }
+
+    @Override
+    public Date getDate() {
+        return date;
+    }
+
+    @Override
+    public String getVariant() {
+        return variant;
+    }
+
+    @Override
+    public String extendedExceptionMsg() {
+        return (cert == null ? "."
+                 : " used with certificate: " +
+                   cert.getSubjectX500Principal());
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder("[\n");
+        sb.append("\n  Variant: ").append(variant);
+        if (anchor != null) {
+            sb.append("\n  Anchor: ").append(anchor);
+        }
+        if (cert != null) {
+            sb.append("\n  Cert Issuer: ")
+              .append(cert.getIssuerX500Principal());
+            sb.append("\n  Cert Subject: ")
+              .append(cert.getSubjectX500Principal());
+        }
+        if (key != null) {
+            sb.append("\n  Key: ").append(key.getAlgorithm());
+        }
+        if (date != null) {
+            sb.append("\n  Date: ").append(date);
+        }
+        sb.append("\n]");
+        return sb.toString();
+    }
+}

src/java.base/share/classes/sun/security/provider/certpath/CertPathHelper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,13 +28,14 @@
 import java.util.Date;
 import java.util.Set;
 
+import java.security.cert.TrustAnchor;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509CRLSelector;
 
 import sun.security.x509.GeneralNameInterface;
 
 /**
- * Helper class that allows access to Sun specific known-public methods in the
+ * Helper class that allows access to JDK specific known-public methods in the
  * java.security.cert package. It relies on a subclass in the
  * java.security.cert packages that is initialized before any of these methods
  * are called (achieved via static initializers).
@@ -59,6 +60,8 @@ protected abstract void implSetPathToNames(X509CertSelector sel,
 
     protected abstract void implSetDateAndTime(X509CRLSelector sel, Date date, long skew);
 
+    protected abstract boolean implIsJdkCA(TrustAnchor anchor);
+
     static void setPathToNames(X509CertSelector sel,
             Set<GeneralNameInterface> names) {
         instance.implSetPathToNames(sel, names);
@@ -67,4 +70,8 @@ static void setPathToNames(X509CertSelector sel,
     public static void setDateAndTime(X509CRLSelector sel, Date date, long skew) {
         instance.implSetDateAndTime(sel, date, skew);
     }
+
+    public static boolean isJdkCA(TrustAnchor anchor) {
+        return (anchor == null) ? false : instance.implIsJdkCA(anchor);
+    }
 }

src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java

@@ -74,7 +74,7 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
             throws CertStoreException
     {
         return getCRLs(selector, signFlag, prevKey, null, provider, certStores,
-                reasonsMask, trustAnchors, validity, variant);
+                reasonsMask, trustAnchors, validity, variant, null);
     }
     /**
      * Return the X509CRLs matching this selector. The selector must be
@@ -91,8 +91,14 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
                                               Date validity)
         throws CertStoreException
     {
+        if (trustAnchors.isEmpty()) {
+            throw new CertStoreException(
+                "at least one TrustAnchor must be specified");
+        }
+        TrustAnchor anchor = trustAnchors.iterator().next();
         return getCRLs(selector, signFlag, prevKey, null, provider, certStores,
-                reasonsMask, trustAnchors, validity, Validator.VAR_GENERIC);
+                reasonsMask, trustAnchors, validity,
+                Validator.VAR_PLUGIN_CODE_SIGNING, anchor);
     }
 
     /**
@@ -108,7 +114,8 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
                                               boolean[] reasonsMask,
                                               Set<TrustAnchor> trustAnchors,
                                               Date validity,
-                                              String variant)
+                                              String variant,
+                                              TrustAnchor anchor)
         throws CertStoreException
     {
         X509Certificate cert = selector.getCertificateChecking();
@@ -137,7 +144,7 @@ public static Collection<X509CRL> getCRLs(X509CRLSelector selector,
                 DistributionPoint point = t.next();
                 Collection<X509CRL> crls = getCRLs(selector, certImpl,
                     point, reasonsMask, signFlag, prevKey, prevCert, provider,
-                    certStores, trustAnchors, validity, variant);
+                    certStores, trustAnchors, validity, variant, anchor);
                 results.addAll(crls);
             }
             if (debug != null) {
@@ -162,7 +169,8 @@ private static Collection<X509CRL> getCRLs(X509CRLSelector selector,
         X509CertImpl certImpl, DistributionPoint point, boolean[] reasonsMask,
         boolean signFlag, PublicKey prevKey, X509Certificate prevCert,
         String provider, List<CertStore> certStores,
-        Set<TrustAnchor> trustAnchors, Date validity, String variant)
+        Set<TrustAnchor> trustAnchors, Date validity, String variant,
+        TrustAnchor anchor)
             throws CertStoreException {
 
         // check for full name
@@ -225,7 +233,7 @@ private static Collection<X509CRL> getCRLs(X509CRLSelector selector,
                 selector.setIssuerNames(null);
                 if (selector.match(crl) && verifyCRL(certImpl, point, crl,
                         reasonsMask, signFlag, prevKey, prevCert, provider,
-                        trustAnchors, certStores, validity, variant)) {
+                        trustAnchors, certStores, validity, variant, anchor)) {
                     crls.add(crl);
                 }
             } catch (IOException | CRLException e) {
@@ -335,7 +343,8 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
         X509CRL crl, boolean[] reasonsMask, boolean signFlag,
         PublicKey prevKey, X509Certificate prevCert, String provider,
         Set<TrustAnchor> trustAnchors, List<CertStore> certStores,
-        Date validity, String variant) throws CRLException, IOException {
+        Date validity, String variant, TrustAnchor anchor)
+        throws CRLException, IOException {
 
         if (debug != null) {
             debug.println("DistributionPointFetcher.verifyCRL: " +
@@ -682,7 +691,7 @@ static boolean verifyCRL(X509CertImpl certImpl, DistributionPoint point,
 
         // check the crl signature algorithm
         try {
-            AlgorithmChecker.check(prevKey, crl, variant);
+            AlgorithmChecker.check(prevKey, crl, variant, anchor);
         } catch (CertPathValidatorException cpve) {
             if (debug != null) {
                 debug.println("CRL signature algorithm check failed: " + cpve);

src/java.base/share/classes/sun/security/provider/certpath/OCSP.java

@@ -123,7 +123,8 @@ public static RevocationStatus check(X509Certificate cert,
         throws IOException, CertPathValidatorException
     {
         return check(cert, issuerCert, responderURI, responderCert, date,
-                     Collections.<Extension>emptyList(), Validator.VAR_GENERIC);
+                     Collections.<Extension>emptyList(),
+                     Validator.VAR_PLUGIN_CODE_SIGNING);
     }
 
 

src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java

@@ -566,7 +566,8 @@ void verify(List<CertId> certIds, IssuerInfo issuerInfo,
         if (signerCert != null) {
             // Check algorithm constraints specified in security property
             // "jdk.certpath.disabledAlgorithms".
-            AlgorithmChecker.check(signerCert.getPublicKey(), sigAlgId, variant);
+            AlgorithmChecker.check(signerCert.getPublicKey(), sigAlgId, variant,
+                    issuerInfo.getAnchor());
 
             if (!verifySignature(signerCert)) {
                 throw new CertPathValidatorException(

src/java.base/share/classes/sun/security/provider/certpath/PKIX.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@
 import javax.security.auth.x500.X500Principal;
 
 import sun.security.util.Debug;
+import sun.security.validator.Validator;
 
 /**
  * Common utility methods and classes used by the PKIX CertPathValidator and
@@ -87,7 +88,7 @@ static class ValidatorParams {
         private Set<TrustAnchor> anchors;
         private List<X509Certificate> certs;
         private Timestamp timestamp;
-        private String variant;
+        private String variant = Validator.VAR_GENERIC;
 
         ValidatorParams(CertPath cp, PKIXParameters params)
             throws InvalidAlgorithmParameterException
@@ -155,9 +156,17 @@ List<CertStore> certStores() {
         }
         Date date() {
             if (!gotDate) {
-                date = params.getDate();
-                if (date == null)
-                    date = new Date();
+                // use timestamp if checking signed code that is
+                // timestamped, otherwise use date parameter
+                if (timestamp != null &&
+                    (variant.equals(Validator.VAR_CODE_SIGNING) ||
+                     variant.equals(Validator.VAR_PLUGIN_CODE_SIGNING))) {
+                    date = timestamp.getTimestamp();
+                } else {
+                    date = params.getDate();
+                    if (date == null)
+                        date = new Date();
+                }
                 gotDate = true;
             }
             return date;
@@ -198,10 +207,6 @@ PKIXParameters getPKIXParameters() {
             return params;
         }
 
-        Timestamp timestamp() {
-            return timestamp;
-        }
-
         String variant() {
             return variant;
         }

src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,6 @@
 import jdk.internal.event.X509ValidationEvent;
 import jdk.internal.event.EventHelper;
 import sun.security.provider.certpath.PKIX.ValidatorParams;
-import sun.security.validator.Validator;
 import sun.security.x509.X509CertImpl;
 import sun.security.util.Debug;
 
@@ -178,7 +177,7 @@ private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
         // add standard checkers that we will be using
         certPathCheckers.add(untrustedChecker);
         certPathCheckers.add(new AlgorithmChecker(anchor, null, params.date(),
-                params.timestamp(), params.variant()));
+                params.variant()));
         certPathCheckers.add(new KeyChecker(certPathLen,
                                             params.targetCertConstraints()));
         certPathCheckers.add(new ConstraintsChecker(certPathLen));
@@ -195,19 +194,7 @@ private static PKIXCertPathValidatorResult validate(TrustAnchor anchor,
                                              rootNode);
         certPathCheckers.add(pc);
 
-        // the time that the certificate validity period should be
-        // checked against
-        Date timeToCheck = null;
-        // use timestamp if checking signed code that is timestamped, otherwise
-        // use date parameter from PKIXParameters
-        if ((params.variant() == Validator.VAR_CODE_SIGNING ||
-             params.variant() == Validator.VAR_PLUGIN_CODE_SIGNING) &&
-             params.timestamp() != null) {
-            timeToCheck = params.timestamp().getTimestamp();
-        } else {
-            timeToCheck = params.date();
-        }
-        BasicChecker bc = new BasicChecker(anchor, timeToCheck,
+        BasicChecker bc = new BasicChecker(anchor, params.date(),
                                            params.sigProvider(), false);
         certPathCheckers.add(bc);
 

src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java

@@ -585,7 +585,8 @@ private void checkCRLs(X509Certificate cert, PublicKey prevKey,
                     approvedCRLs.addAll(DistributionPointFetcher.getCRLs(
                                         sel, signFlag, prevKey, prevCert,
                                         params.sigProvider(), certStores,
-                                        reasonsMask, anchors, null, params.variant()));
+                                        reasonsMask, anchors, null,
+                                        params.variant(), anchor));
                 }
             } catch (CertStoreException e) {
                 if (e instanceof CertStoreTypeException) {
@@ -893,7 +894,7 @@ private Collection<X509CRL> verifyPossibleCRLs(Set<X509CRL> crls,
                     if (DistributionPointFetcher.verifyCRL(
                             certImpl, point, crl, reasonsMask, signFlag,
                             prevKey, null, params.sigProvider(), anchors,
-                            certStores, params.date(), params.variant()))
+                            certStores, params.date(), params.variant(), anchor))
                     {
                         results.add(crl);
                     }

src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java

@@ -1558,7 +1558,7 @@ private void checkAlgorithmConstraints(X509Certificate[] chain,
             // A forward checker, need to check from trust to target
             if (checkedLength >= 0) {
                 AlgorithmChecker checker =
-                    new AlgorithmChecker(constraints, null,
+                    new AlgorithmChecker(constraints,
                             (checkClientTrusted ? Validator.VAR_TLS_CLIENT :
                                         Validator.VAR_TLS_SERVER));
                 checker.init(false);

src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java

@@ -838,8 +838,7 @@ private static boolean conformsToAlgorithmConstraints(
             AlgorithmConstraints constraints, Certificate[] chain,
             String variant) {
 
-        AlgorithmChecker checker =
-                new AlgorithmChecker(constraints, null, variant);
+        AlgorithmChecker checker = new AlgorithmChecker(constraints, variant);
         try {
             checker.init(false);
         } catch (CertPathValidatorException cpve) {

src/java.base/share/classes/sun/security/util/AnchorCertificates.java

@@ -36,6 +36,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import javax.security.auth.x500.X500Principal;
 import sun.security.x509.X509CertImpl;
 
 /**
@@ -47,9 +48,10 @@ public class AnchorCertificates {
     private static final Debug debug = Debug.getInstance("certpath");
     private static final String HASH = "SHA-256";
     private static Set<String> certs = Collections.emptySet();
+    private static Set<X500Principal> certIssuers = Collections.emptySet();
 
     static  {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Void run() {
                 File f = new File(FilePaths.cacerts());
@@ -59,15 +61,16 @@ public Void run() {
                     try (FileInputStream fis = new FileInputStream(f)) {
                         cacerts.load(fis, null);
                         certs = new HashSet<>();
+                        certIssuers = new HashSet<>();
                         Enumeration<String> list = cacerts.aliases();
-                        String alias;
                         while (list.hasMoreElements()) {
-                            alias = list.nextElement();
+                            String alias = list.nextElement();
                             // Check if this cert is labeled a trust anchor.
                             if (alias.contains(" [jdk")) {
                                 X509Certificate cert = (X509Certificate) cacerts
                                         .getCertificate(alias);
                                 certs.add(X509CertImpl.getFingerprint(HASH, cert));
+                                certIssuers.add(cert.getSubjectX500Principal());
                             }
                         }
                     }
@@ -83,10 +86,10 @@ public Void run() {
     }
 
     /**
-     * Checks if a certificate is a trust anchor.
+     * Checks if a certificate is a JDK trust anchor.
      *
      * @param cert the certificate to check
-     * @return true if the certificate is trusted.
+     * @return true if the certificate is a JDK trust anchor
      */
     public static boolean contains(X509Certificate cert) {
         String key = X509CertImpl.getFingerprint(HASH, cert);
@@ -98,5 +101,15 @@ public static boolean contains(X509Certificate cert) {
         return result;
     }
 
+    /**
+     * Checks if a JDK trust anchor is the issuer of a certificate.
+     *
+     * @param cert the certificate to check
+     * @return true if the certificate is issued by a trust anchor
+     */
+    public static boolean issuerOf(X509Certificate cert) {
+        return certIssuers.contains(cert.getIssuerX500Principal());
+    }
+
     private AnchorCertificates() {}
 }

src/java.base/share/classes/sun/security/util/ConstraintsParameters.java

@@ -25,167 +25,42 @@
 
 package sun.security.util;
 
-import sun.security.validator.Validator;
-
-import java.security.AlgorithmParameters;
 import java.security.Key;
-import java.security.Timestamp;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.ECKey;
-import java.security.interfaces.XECKey;
-import java.security.spec.NamedParameterSpec;
 import java.util.Date;
+import java.util.Set;
 
 /**
- * This class contains parameters for checking against constraints that extend
- * past the publicly available parameters in java.security.AlgorithmConstraints.
- *
- * This is currently passed between PKIX, AlgorithmChecker,
- * and DisabledAlgorithmConstraints.
+ * This interface contains parameters for checking against constraints that
+ * extend past the publicly available parameters in
+ * java.security.AlgorithmConstraints.
  */
-public class ConstraintsParameters {
-    /*
-     * The below 3 values are used the same as the permit() methods
-     * published in java.security.AlgorithmConstraints.
-     */
-    // Algorithm string to be checked against constraints
-    private final String algorithm;
-    // AlgorithmParameters to the algorithm being checked
-    private final AlgorithmParameters algParams;
-    // Key being checked against constraints
-    private final Key key;
+public interface ConstraintsParameters {
 
-    /*
-     * New values that are checked against constraints that the current public
-     * API does not support.
+    /**
+     * Returns true if a certificate chains back to a trusted JDK root CA.
      */
-    // A certificate being passed to check against constraints.
-    private final X509Certificate cert;
-    // This is true if the trust anchor in the certificate chain matches a cert
-    // in AnchorCertificates
-    private final boolean trustedMatch;
-    // PKIXParameter date
-    private final Date pkixDate;
-    // Timestamp of the signed JAR file
-    private final Timestamp jarTimestamp;
-    private final String variant;
-    // Named Curve
-    private final String[] curveStr;
-    private static final String[] EMPTYLIST = new String[0];
-
-    public ConstraintsParameters(X509Certificate c, boolean match,
-            Date pkixdate, Timestamp jarTime, String variant) {
-        cert = c;
-        trustedMatch = match;
-        pkixDate = pkixdate;
-        jarTimestamp = jarTime;
-        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
-        algorithm = null;
-        algParams = null;
-        key = null;
-        if (c != null) {
-            curveStr = getNamedCurveFromKey(c.getPublicKey());
-        } else {
-            curveStr = EMPTYLIST;
-        }
-    }
-
-    public ConstraintsParameters(String algorithm, AlgorithmParameters params,
-            Key key, String variant) {
-        this.algorithm = algorithm;
-        algParams = params;
-        this.key = key;
-        curveStr = getNamedCurveFromKey(key);
-        cert = null;
-        trustedMatch = false;
-        pkixDate = null;
-        jarTimestamp = null;
-        this.variant = (variant == null ? Validator.VAR_GENERIC : variant);
-    }
-
-
-    public ConstraintsParameters(X509Certificate c) {
-        this(c, false, null, null,
-                Validator.VAR_GENERIC);
-    }
-
-    public ConstraintsParameters(Timestamp jarTime) {
-        this(null, false, null, jarTime, Validator.VAR_GENERIC);
-    }
-
-    public String getAlgorithm() {
-        return algorithm;
-    }
-
-    public AlgorithmParameters getAlgParams() {
-        return algParams;
-    }
+    boolean anchorIsJdkCA();
 
-    public Key getKey() {
-        return key;
-    }
-
-    // Returns if the trust anchor has a match if anchor checking is enabled.
-    public boolean isTrustedMatch() {
-        return trustedMatch;
-    }
-
-    public X509Certificate getCertificate() {
-        return cert;
-    }
-
-    public Date getPKIXParamDate() {
-        return pkixDate;
-    }
-
-    public Timestamp getJARTimestamp() {
-        return jarTimestamp;
-    }
-
-    public String getVariant() {
-        return variant;
-    }
-
-    public String[] getNamedCurve() {
-        return curveStr;
-    }
+    /**
+     * Returns the set of keys that should be checked against the
+     * constraints, or an empty set if there are no keys to be checked.
+     */
+    Set<Key> getKeys();
 
-    public static String[] getNamedCurveFromKey(Key key) {
-        if (key instanceof ECKey) {
-            NamedCurve nc = CurveDB.lookup(((ECKey)key).getParams());
-            return (nc == null ? EMPTYLIST : nc.getNameAndAliases());
-        } else if (key instanceof XECKey) {
-            String[] s = {
-                    ((NamedParameterSpec)((XECKey)key).getParams()).getName()
-            };
-            return s;
-        } else {
-            return EMPTYLIST;
-        }
-    }
+    /**
+     * Returns the date that should be checked against the constraints, or
+     * null if not set.
+     */
+    Date getDate();
 
-    public String toString() {
-        StringBuilder s = new StringBuilder();
-        s.append("Cert:       ");
-        if (cert != null) {
-            s.append(cert.toString());
-            s.append("\nSigAlgo:    ");
-            s.append(cert.getSigAlgName());
-        } else {
-            s.append("None");
-        }
-        s.append("\nAlgParams:  ");
-        if (getAlgParams() != null) {
-            getAlgParams().toString();
-        } else {
-            s.append("None");
-        }
-        s.append("\nNamedCurves: ");
-        for (String c : getNamedCurve()) {
-            s.append(c + " ");
-        }
-        s.append("\nVariant:    " + getVariant());
-        return s.toString();
-    }
+    /**
+     * Returns the Validator variant.
+     */
+    String getVariant();
 
+    /**
+     * Returns an extended message used in exceptions. See
+     * DisabledAlgorithmConstraints for usage.
+     */
+    String extendedExceptionMsg();
 }

src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java

@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.CodeSigner;
+import java.security.Key;
+import java.security.Timestamp;
+import java.security.cert.CertPath;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import sun.security.util.AnchorCertificates;
+import sun.security.util.ConstraintsParameters;
+import sun.security.validator.Validator;
+
+/**
+ * This class contains parameters for checking signed JARs against
+ * constraints specified in the jdk.jar.disabledAlgorithms security
+ * property.
+ */
+public class JarConstraintsParameters implements ConstraintsParameters {
+
+    // true if chain is anchored by a JDK root CA
+    private boolean anchorIsJdkCA;
+    private boolean anchorIsJdkCASet;
+    // The timestamp of the signed JAR file, if timestamped
+    private Date timestamp;
+    // The keys of the signers
+    private final Set<Key> keys;
+    // The certs in the signers' chains that are issued by the trust anchor
+    private final Set<X509Certificate> certsIssuedByAnchor;
+    // The extended exception message
+    private String message;
+
+    /**
+     * Create a JarConstraintsParameters.
+     *
+     * @param signers the CodeSigners that signed the JAR
+     */
+    public JarConstraintsParameters(CodeSigner[] signers) {
+        this.keys = new HashSet<>();
+        this.certsIssuedByAnchor = new HashSet<>();
+        Date latestTimestamp = null;
+        boolean skipTimestamp = false;
+
+        // Iterate over the signers and extract the keys, the latest
+        // timestamp, and the last certificate of each chain which can be
+        // used for checking if the signer's certificate chains back to a
+        // JDK root CA
+        for (CodeSigner signer : signers) {
+            init(signer.getSignerCertPath());
+            Timestamp timestamp = signer.getTimestamp();
+            if (timestamp == null) {
+                // this means one of the signers doesn't have a timestamp
+                // and the JAR should be treated as if it isn't timestamped
+                latestTimestamp = null;
+                skipTimestamp = true;
+            } else {
+                // add the key and last cert of TSA too
+                init(timestamp.getSignerCertPath());
+                if (!skipTimestamp) {
+                    Date timestampDate = timestamp.getTimestamp();
+                    if (latestTimestamp == null) {
+                        latestTimestamp = timestampDate;
+                    } else {
+                        if (latestTimestamp.before(timestampDate)) {
+                            latestTimestamp = timestampDate;
+                        }
+                    }
+                }
+            }
+        }
+        this.timestamp = latestTimestamp;
+    }
+
+    // extract last certificate and key from chain
+    private void init(CertPath cp) {
+        @SuppressWarnings("unchecked")
+        List<X509Certificate> chain =
+            (List<X509Certificate>)cp.getCertificates();
+        if (!chain.isEmpty()) {
+            this.certsIssuedByAnchor.add(chain.get(chain.size() - 1));
+            this.keys.add(chain.get(0).getPublicKey());
+        }
+    }
+
+    @Override
+    public String getVariant() {
+        return Validator.VAR_GENERIC;
+    }
+
+    /**
+     * Since loading the cacerts keystore can be an expensive operation,
+     * this is only performed if this method is called during a "jdkCA"
+     * constraints check of a disabled algorithm, and the result is cached.
+     *
+     * @return true if at least one of the certificates are issued by a
+     *              JDK root CA
+     */
+    @Override
+    public boolean anchorIsJdkCA() {
+        if (anchorIsJdkCASet) {
+            return anchorIsJdkCA;
+        }
+        for (X509Certificate cert : certsIssuedByAnchor) {
+            if (AnchorCertificates.issuerOf(cert)) {
+                anchorIsJdkCA = true;
+                break;
+            }
+        }
+        anchorIsJdkCASet = true;
+        return anchorIsJdkCA;
+    }
+
+    @Override
+    public Date getDate() {
+        return timestamp;
+    }
+
+    @Override
+    public Set<Key> getKeys() {
+        return keys;
+    }
+
+    /**
+     * Sets the extended error message. Note: this should be used
+     * carefully as it is specific to the attribute/entry/file being checked.
+     *
+     * @param file the name of the signature related file being verified
+     * @param target the attribute containing the algorithm that is being
+     *        checked
+     */
+    public void setExtendedExceptionMsg(String file, String target) {
+        message = " used" + (target != null ? " with " + target : "") +
+                  " in " + file + " file.";
+    }
+
+    @Override
+    public String extendedExceptionMsg() {
+        return message;
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder("[\n");
+        sb.append("\n  Variant: ").append(getVariant());
+        sb.append("\n  Certs Issued by Anchor:");
+        for (X509Certificate cert : certsIssuedByAnchor) {
+            sb.append("\n    Cert Issuer: ")
+              .append(cert.getIssuerX500Principal());
+            sb.append("\n    Cert Subject: ")
+              .append(cert.getSubjectX500Principal());
+        }
+        for (Key key : keys) {
+            sb.append("\n  Key: ").append(key.getAlgorithm());
+        }
+        if (timestamp != null) {
+            sb.append("\n  Timestamp: ").append(timestamp);
+        }
+        sb.append("\n]");
+        return sb.toString();
+    }
+}

src/java.base/share/classes/sun/security/util/JarConstraintsParameters.java

@@ -27,13 +27,12 @@
 
 import java.security.*;
 import java.io.*;
-import java.security.CodeSigner;
 import java.util.*;
 import java.util.jar.*;
 
-import java.util.Base64;
-
 import sun.security.jca.Providers;
+import sun.security.util.DisabledAlgorithmConstraints;
+import sun.security.util.JarConstraintsParameters;
 
 /**
  * This class is used to verify each entry in a jar file with its
@@ -202,12 +201,29 @@ public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
             throw new SecurityException("digest missing for " + name);
         }
 
-        if (signers != null)
+        if (signers != null) {
             return signers;
+        }
+
+        JarConstraintsParameters params =
+            getParams(verifiedSigners, sigFileSigners);
 
         for (int i=0; i < digests.size(); i++) {
 
-            MessageDigest digest  = digests.get(i);
+            MessageDigest digest = digests.get(i);
+            if (params != null) {
+                try {
+                    params.setExtendedExceptionMsg(JarFile.MANIFEST_NAME,
+                        name + " entry");
+                    DisabledAlgorithmConstraints.jarConstraints()
+                           .permits(digest.getAlgorithm(), params);
+                } catch (GeneralSecurityException e) {
+                    if (debug != null) {
+                        debug.println("Digest algorithm is restricted: " + e);
+                    }
+                    return null;
+                }
+            }
             byte [] manHash = manifestHashes.get(i);
             byte [] theHash = digest.digest();
 
@@ -231,4 +247,37 @@ public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
         }
         return signers;
     }
+
+    /**
+     * Get constraints parameters for JAR. The constraints should be
+     * checked against all code signers. Returns the parameters,
+     * or null if the signers for this entry have already been checked.
+     */
+    private JarConstraintsParameters getParams(
+            Map<String, CodeSigner[]> verifiedSigners,
+            Map<String, CodeSigner[]> sigFileSigners) {
+
+        // verifiedSigners is usually preloaded with the Manifest's signers.
+        // If verifiedSigners contains the Manifest, then it will have all of
+        // the signers of the JAR. But if it doesn't then we need to fallback
+        // and check verifiedSigners to see if the signers of this entry have
+        // been checked already.
+        if (verifiedSigners.containsKey(JarFile.MANIFEST_NAME)) {
+            if (verifiedSigners.size() > 1) {
+                // this means we already checked it previously
+                return null;
+            } else {
+                return new JarConstraintsParameters(
+                    verifiedSigners.get(JarFile.MANIFEST_NAME));
+            }
+        } else {
+            CodeSigner[] signers = sigFileSigners.get(name);
+            if (verifiedSigners.containsValue(signers)) {
+                return null;
+            } else {
+                return new JarConstraintsParameters(signers);
+            }
+        }
+    }
 }
+

src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java

@@ -33,7 +33,6 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.SignatureException;
-import java.security.Timestamp;
 import java.security.cert.CertPath;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
@@ -47,6 +46,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
 import java.util.jar.Attributes;
 import java.util.jar.JarException;
 import java.util.jar.JarFile;
@@ -61,16 +61,6 @@ public class SignatureFileVerifier {
     /* Are we debugging ? */
     private static final Debug debug = Debug.getInstance("jar");
 
-    /**
-     * Holder class to delay initialization of DisabledAlgorithmConstraints
-     * until needed.
-     */
-    private static class ConfigurationHolder {
-        static final DisabledAlgorithmConstraints JAR_DISABLED_CHECK =
-            new DisabledAlgorithmConstraints(
-                    DisabledAlgorithmConstraints.PROPERTY_JAR_DISABLED_ALGS);
-    }
-
     private ArrayList<CodeSigner[]> signerCache;
 
     private static final String ATTR_DIGEST =
@@ -99,13 +89,13 @@ private static class ConfigurationHolder {
     /* for generating certpath objects */
     private CertificateFactory certificateFactory = null;
 
-    /** Algorithms that have been checked if they are weak. */
-    private Map<String, Boolean> permittedAlgs= new HashMap<>();
-
-    /** TSA timestamp of signed jar.  The newest timestamp is used.  If there
-     *  was no TSA timestamp used when signed, current time is used ("null").
+    /** Algorithms that have been previously checked against disabled
+     *  constraints.
      */
-    private Timestamp timestamp = null;
+    private Map<String, Boolean> permittedAlgs = new HashMap<>();
+
+    /** ConstraintsParameters for checking disabled algorithms */
+    private JarConstraintsParameters params;
 
     /**
      * Create the named SignatureFileVerifier.
@@ -320,32 +310,23 @@ private void processImpl(Hashtable<String, CodeSigner[]> signers,
                                         name);
         }
 
-
         CodeSigner[] newSigners = getSigners(infos, block);
 
         // make sure we have something to do all this work for...
-        if (newSigners == null)
+        if (newSigners == null) {
             return;
+        }
 
-        /*
-         * Look for the latest timestamp in the signature block.  If an entry
-         * has no timestamp, use current time (aka null).
-         */
-        for (CodeSigner s: newSigners) {
-            if (debug != null) {
-                debug.println("Gathering timestamp for:  " + s.toString());
-            }
-            if (s.getTimestamp() == null) {
-                timestamp = null;
-                break;
-            } else if (timestamp == null) {
-                timestamp = s.getTimestamp();
-            } else {
-                if (timestamp.getTimestamp().before(
-                        s.getTimestamp().getTimestamp())) {
-                    timestamp = s.getTimestamp();
-                }
-            }
+        // check if any of the algorithms used to verify the SignerInfos
+        // are disabled
+        params = new JarConstraintsParameters(newSigners);
+        Set<String> notDisabledAlgorithms =
+            SignerInfo.verifyAlgorithms(infos, params, name + " PKCS7");
+
+        // add the SignerInfo algorithms that are ok to the permittedAlgs map
+        // so they are not checked again
+        for (String algorithm : notDisabledAlgorithms) {
+            permittedAlgs.put(algorithm, Boolean.TRUE);
         }
 
         Iterator<Map.Entry<String,Attributes>> entries =
@@ -396,13 +377,14 @@ private void processImpl(Hashtable<String, CodeSigner[]> signers,
      * store the result. If the algorithm is in the map use that result.
      * False is returned for weak algorithm, true for good algorithms.
      */
-    boolean permittedCheck(String key, String algorithm) {
+    private boolean permittedCheck(String key, String algorithm) {
         Boolean permitted = permittedAlgs.get(algorithm);
         if (permitted == null) {
             try {
-                ConfigurationHolder.JAR_DISABLED_CHECK.permits(algorithm,
-                        new ConstraintsParameters(timestamp));
-            } catch(GeneralSecurityException e) {
+                params.setExtendedExceptionMsg(name + ".SF", key + " attribute");
+                DisabledAlgorithmConstraints
+                    .jarConstraints().permits(algorithm, params);
+            } catch (GeneralSecurityException e) {
                 permittedAlgs.put(algorithm, Boolean.FALSE);
                 permittedAlgs.put(key.toUpperCase(), Boolean.FALSE);
                 if (debug != null) {

src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java

@@ -224,7 +224,7 @@ X509Certificate[] engineValidate(X509Certificate[] chain,
         // add new algorithm constraints checker
         if (constraints != null) {
             pkixParameters.addCertPathChecker(
-                    new AlgorithmChecker(constraints, null, variant));
+                    new AlgorithmChecker(constraints, variant));
         }
 
         // attach it to the PKIXBuilderParameters.

src/java.base/share/classes/sun/security/validator/PKIXValidator.java

@@ -167,7 +167,7 @@ X509Certificate[] engineValidate(X509Certificate[] chain,
         AlgorithmChecker appAlgChecker = null;
         if (constraints != null) {
             appAlgChecker = new AlgorithmChecker(anchor, constraints, null,
-                    null, variant);
+                    variant);
         }
 
         // verify top down, starting at the certificate issued by

src/java.base/share/classes/sun/security/validator/SimpleValidator.java

@@ -318,15 +318,14 @@ public static void main(String[] args) throws Throwable {
                 sign("tsdisabled", "-digestalg", "MD5",
                                 "-sigalg", "MD5withRSA", "-tsadigestalg", "MD5")
                         .shouldHaveExitValue(68)
-                        .shouldContain("The timestamp is invalid. Without a valid timestamp")
+                        .shouldContain("TSA certificate chain is invalid")
                         .shouldMatch("MD5.*-digestalg.*is disabled")
                         .shouldMatch("MD5.*-tsadigestalg.*is disabled")
                         .shouldMatch("MD5withRSA.*-sigalg.*is disabled");
                 checkDisabled("tsdisabled.jar");
 
                 signVerbose("tsdisabled", "unsigned.jar", "tsdisabled2.jar", "signer")
                         .shouldHaveExitValue(64)
-                        .shouldContain("The timestamp is invalid. Without a valid timestamp")
                         .shouldContain("TSA certificate chain is invalid");
 
                 // Disabled timestamp is an error and jar treated unsigned
@@ -658,7 +657,7 @@ static void checkDisabled(String file) throws Exception {
                 .shouldMatch("Timestamp signature algorithm: .*key.*(disabled)");
         verify(file, "-J-Djava.security.debug=jar")
                 .shouldHaveExitValue(16)
-                .shouldMatch("SignatureException:.*disabled");
+                .shouldMatch("SignatureException:.*keysize");
 
         // For 8171319: keytool should print out warnings when reading or
         //              generating cert/cert req using disabled algorithms.