use of com.android.apksig.internal.pkcs7.SignerIdentifier in project apksig by venshine.
the class Certificate method isMatchingCerticicate.
private static boolean isMatchingCerticicate(X509Certificate cert, SignerIdentifier id) {
if (id.issuerAndSerialNumber == null) {
// Android doesn't support any other means of identifying the signing certificate
return false;
}
IssuerAndSerialNumber issuerAndSerialNumber = id.issuerAndSerialNumber;
byte[] encodedIssuer = ByteBufferUtils.toByteArray(issuerAndSerialNumber.issuer.getEncoded());
X500Principal idIssuer = new X500Principal(encodedIssuer);
BigInteger idSerialNumber = issuerAndSerialNumber.certificateSerialNumber;
return idSerialNumber.equals(cert.getSerialNumber()) && idIssuer.equals(cert.getIssuerX500Principal());
}
use of com.android.apksig.internal.pkcs7.SignerIdentifier in project apksig by venshine.
the class ApkSigningBlockUtils method generatePkcs7DerEncodedMessage.
/**
* Wrap the signature according to CMS PKCS #7 RFC 5652.
* The high-level simplified structure is as follows:
* // ContentInfo
* // digestAlgorithm
* // SignedData
* // bag of certificates
* // SignerInfo
* // signing cert issuer and serial number (for locating the cert in the above bag)
* // digestAlgorithm
* // signatureAlgorithm
* // signature
*
* @throws Asn1EncodingException if the ASN.1 structure could not be encoded
*/
public static byte[] generatePkcs7DerEncodedMessage(byte[] signatureBytes, ByteBuffer data, List<X509Certificate> signerCerts, AlgorithmIdentifier digestAlgorithmId, AlgorithmIdentifier signatureAlgorithmId) throws Asn1EncodingException, CertificateEncodingException {
SignerInfo signerInfo = new SignerInfo();
signerInfo.version = 1;
X509Certificate signingCert = signerCerts.get(0);
X500Principal signerCertIssuer = signingCert.getIssuerX500Principal();
signerInfo.sid = new SignerIdentifier(new IssuerAndSerialNumber(new Asn1OpaqueObject(signerCertIssuer.getEncoded()), signingCert.getSerialNumber()));
signerInfo.digestAlgorithm = digestAlgorithmId;
signerInfo.signatureAlgorithm = signatureAlgorithmId;
signerInfo.signature = ByteBuffer.wrap(signatureBytes);
SignedData signedData = new SignedData();
signedData.certificates = new ArrayList<>(signerCerts.size());
for (X509Certificate cert : signerCerts) {
signedData.certificates.add(new Asn1OpaqueObject(cert.getEncoded()));
}
signedData.version = 1;
signedData.digestAlgorithms = Collections.singletonList(digestAlgorithmId);
signedData.encapContentInfo = new EncapsulatedContentInfo(Pkcs7Constants.OID_DATA);
// If data is not null, data will be embedded as is in the result -- an attached pcsk7
signedData.encapContentInfo.content = data;
signedData.signerInfos = Collections.singletonList(signerInfo);
ContentInfo contentInfo = new ContentInfo();
contentInfo.contentType = Pkcs7Constants.OID_SIGNED_DATA;
contentInfo.content = new Asn1OpaqueObject(Asn1DerEncoder.encode(signedData));
return Asn1DerEncoder.encode(contentInfo);
}
Aggregations