Example 1 with SignerIdentifier

Use of com.android.apksig.internal.pkcs7.SignerIdentifier in project apksig by venshine.

Class Certificate, method isMatchingCerticicate.

private static boolean isMatchingCerticicate(X509Certificate cert, SignerIdentifier id) {
    if (id.issuerAndSerialNumber == null) {
        // Android doesn't support any other means of identifying the signing certificate
        return false;
    }
    IssuerAndSerialNumber issuerAndSerialNumber = id.issuerAndSerialNumber;
    // Rebuild the issuer name from its encoded form so it can be compared as an X500Principal
    byte[] encodedIssuer = ByteBufferUtils.toByteArray(issuerAndSerialNumber.issuer.getEncoded());
    X500Principal idIssuer = new X500Principal(encodedIssuer);
    BigInteger idSerialNumber = issuerAndSerialNumber.certificateSerialNumber;
    // The certificate matches only if both the serial number and the issuer are equal
    return idSerialNumber.equals(cert.getSerialNumber())
            && idIssuer.equals(cert.getIssuerX500Principal());
}
Also used: IssuerAndSerialNumber (com.android.apksig.internal.pkcs7.IssuerAndSerialNumber), X500Principal (javax.security.auth.x500.X500Principal), BigInteger (java.math.BigInteger)

Example 2 with SignerIdentifier

Use of com.android.apksig.internal.pkcs7.SignerIdentifier in project apksig by venshine.

Class ApkSigningBlockUtils, method generatePkcs7DerEncodedMessage.

/**
 * Wrap the signature according to CMS PKCS #7 RFC 5652.
 * The high-level simplified structure is as follows:
 * // ContentInfo
 * //   digestAlgorithm
 * //   SignedData
 * //     bag of certificates
 * //     SignerInfo
 * //       signing cert issuer and serial number (for locating the cert in the above bag)
 * //       digestAlgorithm
 * //       signatureAlgorithm
 * //       signature
 *
 * @throws Asn1EncodingException if the ASN.1 structure could not be encoded
 */
public static byte[] generatePkcs7DerEncodedMessage(
        byte[] signatureBytes,
        ByteBuffer data,
        List<X509Certificate> signerCerts,
        AlgorithmIdentifier digestAlgorithmId,
        AlgorithmIdentifier signatureAlgorithmId)
        throws Asn1EncodingException, CertificateEncodingException {
    SignerInfo signerInfo = new SignerInfo();
    signerInfo.version = 1;
    // The first certificate in the list is used as the signing certificate
    X509Certificate signingCert = signerCerts.get(0);
    X500Principal signerCertIssuer = signingCert.getIssuerX500Principal();
    // Identify the signer by issuer and serial number
    signerInfo.sid = new SignerIdentifier(
            new IssuerAndSerialNumber(
                    new Asn1OpaqueObject(signerCertIssuer.getEncoded()),
                    signingCert.getSerialNumber()));
    signerInfo.digestAlgorithm = digestAlgorithmId;
    signerInfo.signatureAlgorithm = signatureAlgorithmId;
    signerInfo.signature = ByteBuffer.wrap(signatureBytes);

    SignedData signedData = new SignedData();
    // Bag of certificates: every certificate in signerCerts, in its encoded form
    signedData.certificates = new ArrayList<>(signerCerts.size());
    for (X509Certificate cert : signerCerts) {
        signedData.certificates.add(new Asn1OpaqueObject(cert.getEncoded()));
    }
    signedData.version = 1;
    signedData.digestAlgorithms = Collections.singletonList(digestAlgorithmId);
    signedData.encapContentInfo = new EncapsulatedContentInfo(Pkcs7Constants.OID_DATA);
    // If data is not null, data will be embedded as is in the result -- an attached PKCS #7
    signedData.encapContentInfo.content = data;
    signedData.signerInfos = Collections.singletonList(signerInfo);

    // Wrap the encoded SignedData in the outer ContentInfo
    ContentInfo contentInfo = new ContentInfo();
    contentInfo.contentType = Pkcs7Constants.OID_SIGNED_DATA;
    contentInfo.content = new Asn1OpaqueObject(Asn1DerEncoder.encode(signedData));
    return Asn1DerEncoder.encode(contentInfo);
}
Also used: IssuerAndSerialNumber (com.android.apksig.internal.pkcs7.IssuerAndSerialNumber), SignerInfo (com.android.apksig.internal.pkcs7.SignerInfo), SignedData (com.android.apksig.internal.pkcs7.SignedData), ContentInfo (com.android.apksig.internal.pkcs7.ContentInfo), EncapsulatedContentInfo (com.android.apksig.internal.pkcs7.EncapsulatedContentInfo), X500Principal (javax.security.auth.x500.X500Principal), SignerIdentifier (com.android.apksig.internal.pkcs7.SignerIdentifier), Asn1OpaqueObject (com.android.apksig.internal.asn1.Asn1OpaqueObject), X509Certificate (java.security.cert.X509Certificate), GuaranteedEncodedFormX509Certificate (com.android.apksig.internal.util.GuaranteedEncodedFormX509Certificate)
