diff options
| author | Szymon Starzycki <sstar@google.com> | 2013-10-02 17:21:41 -0700 |
|---|---|---|
| committer | Colin Cross <ccross@android.com> | 2013-12-04 15:00:52 -0800 |
| commit | 4662a114a416e636de805fbd875f8b90fc5965b9 (patch) | |
| tree | cd62973e812f8f2972893ba2ef4dc405192258c6 /fastbootd/other | |
| parent | 27ea99fb99153e3b2d45efd6fce9785538469e49 (diff) | |
| download | core-4662a114a416e636de805fbd875f8b90fc5965b9.tar.gz core-4662a114a416e636de805fbd875f8b90fc5965b9.tar.bz2 core-4662a114a416e636de805fbd875f8b90fc5965b9.zip | |
Revert "Revert "Fastbootd: flashing certification""
CMS functionality is now available
This reverts commit 068b71dd9cd6cb03dfcdc0c9deced361780bc0d3.
Conflicts:
fastbootd/Android.mk
fastbootd/fastbootd.c
fastbootd/utils.c
fastbootd/utils.h
Change-Id: I1a27459b41d9297603deb124c65f237ff971e5b6
Diffstat (limited to 'fastbootd/other')
| -rw-r--r-- | fastbootd/other/sign/src/SignImg.java | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/fastbootd/other/sign/src/SignImg.java b/fastbootd/other/sign/src/SignImg.java new file mode 100644 index 000000000..338d427fa --- /dev/null +++ b/fastbootd/other/sign/src/SignImg.java @@ -0,0 +1,181 @@ +package signtool; + +import java.io.*; +import java.util.Properties; +import java.util.ArrayList; + +import javax.mail.internet.*; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.activation.MailcapCommandMap; +import javax.activation.CommandMap; + +import java.security.PrivateKey; +import java.security.Security; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateFactory; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateEncodingException; + +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.cms.CMSProcessableByteArray; +import org.bouncycastle.cms.CMSSignedGenerator; +import org.bouncycastle.cms.CMSSignedDataGenerator; +import org.bouncycastle.cms.CMSSignedGenerator; +import org.bouncycastle.cms.CMSProcessable; +import org.bouncycastle.cms.CMSSignedData; +import org.bouncycastle.cms.CMSTypedData; +import org.bouncycastle.cert.jcajce.JcaCertStore; +import org.bouncycastle.util.Store; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.DEROutputStream; +import org.bouncycastle.asn1.ASN1Object; + + +public class SignImg { + + /* It reads private key in pkcs#8 formate + * Conversion: + * openssl pkcs8 -topk8 -nocrypt -outform DER < inkey.pem > outkey.pk8 + */ + private static PrivateKey getPrivateKey(String path) throws IOException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException { + File file = new File(path); + FileInputStream fis = new FileInputStream(file); + byte[] data = new byte[(int)file.length()]; + fis.read(data); + fis.close(); + + PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(data); + KeyFactory kf = KeyFactory.getInstance("RSA"); + PrivateKey privateKey = kf.generatePrivate(kspec); + + return privateKey; + } + + private static MimeBodyPart getContent(String path) throws IOException, FileNotFoundException, MessagingException { + MimeBodyPart body = new MimeBodyPart(); + + File file = new File(path); + FileInputStream fis = new FileInputStream(file); + byte[] data = new byte[(int)file.length()]; + fis.read(data); + fis.close(); + + body.setContent(data, "application/octet-stream"); + + return body; + } + + private static CMSProcessableByteArray getCMSContent(String path) throws IOException, FileNotFoundException, MessagingException { + File file = new File(path); + FileInputStream fis = new FileInputStream(file); + byte[] data = new byte[(int)file.length()]; + fis.read(data); + fis.close(); + CMSProcessableByteArray cms = new CMSProcessableByteArray(data); + + return cms; + } + + private static X509Certificate readCert(String path) throws IOException, FileNotFoundException, CertificateException { + File file = new File(path); + FileInputStream is = new FileInputStream(file); + + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + Certificate cert = cf.generateCertificate(is); + is.close(); + + return (X509Certificate) cert; + } + + private static void save(MimeBodyPart content, String path) throws IOException, FileNotFoundException, MessagingException { + File file = new File(path); + FileOutputStream os = new FileOutputStream(file); + + content.writeTo(os); + + os.close(); + } + + private static Store certToStore(X509Certificate certificate) throws CertificateEncodingException { + ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>(); + certList.add(certificate); + return new JcaCertStore(certList); + } + + public static void setDefaultMailcap() + { + MailcapCommandMap _mailcap = + (MailcapCommandMap)CommandMap.getDefaultCommandMap(); + + _mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature"); + _mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime"); + _mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature"); + _mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime"); + _mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed"); + + CommandMap.setDefaultCommandMap(_mailcap); + } + + public static void main(String[] args) { + try { + if (args.length < 4) { + System.out.println("Usage: signimg data private_key certificate output"); + return; + } + System.out.println("Signing the image"); + setDefaultMailcap(); + + Security.addProvider(new BouncyCastleProvider()); + + PrivateKey key = getPrivateKey(args[1]); + System.out.println("File read sucessfully"); + + CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); + + CMSTypedData body = getCMSContent(args[0]); + System.out.println("Content read sucessfully"); + + X509Certificate cert = (X509Certificate) readCert(args[2]); + System.out.println("Certificate read sucessfully"); + + ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key); + + Store certs = certToStore(cert); + + generator.addCertificates(certs); + generator.addSignerInfoGenerator( + new JcaSignerInfoGeneratorBuilder( + new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) + .build(sha256Signer, cert)); + + CMSSignedData signed = generator.generate(body, true); + System.out.println("Signed"); + + Properties props = System.getProperties(); + Session session = Session.getDefaultInstance(props, null); + + File file = new File(args[3]); + FileOutputStream os = new FileOutputStream(file); + + ASN1InputStream asn1 = new ASN1InputStream(signed.getEncoded()); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(os); + dOut.writeObject(ASN1Object.fromByteArray(signed.getEncoded())); + + } + catch (Exception ex) { + System.out.println("Exception during programm execution: " + ex.getMessage()); + } + } +} |