19066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project/* 29066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Copyright (C) 2008 The Android Open Source Project 39066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * 49066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Licensed under the Apache License, Version 2.0 (the "License"); 59066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * you may not use this file except in compliance with the License. 69066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * You may obtain a copy of the License at 79066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * 89066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * http://www.apache.org/licenses/LICENSE-2.0 99066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * 109066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Unless required by applicable law or agreed to in writing, software 119066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * distributed under the License is distributed on an "AS IS" BASIS, 129066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 139066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * See the License for the specific language governing permissions and 149066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * limitations under the License. 159066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 169066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 179066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Projectpackage android.content.pm; 189066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 199066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Projectimport android.os.Parcel; 209066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Projectimport android.os.Parcelable; 219066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2294c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkeyimport com.android.internal.util.ArrayUtils; 2394c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey 2405ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Rootimport java.io.ByteArrayInputStream; 25d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkeyimport java.io.InputStream; 26de0ff63700c1836771d797e6c7340b18cb814484Kenny Rootimport java.lang.ref.SoftReference; 2705ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Rootimport java.security.PublicKey; 2805ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Rootimport java.security.cert.Certificate; 29a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Rootimport java.security.cert.CertificateEncodingException; 3005ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Rootimport java.security.cert.CertificateException; 3105ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Rootimport java.security.cert.CertificateFactory; 32d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkeyimport java.security.cert.X509Certificate; 339066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Projectimport java.util.Arrays; 349066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 359066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project/** 363a44f3f1b446315ef894e01d2ab9b5388c2bd8c4Jeff Sharkey * Opaque, immutable representation of a signing certificate associated with an 379066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * application package. 383a44f3f1b446315ef894e01d2ab9b5388c2bd8c4Jeff Sharkey * <p> 393a44f3f1b446315ef894e01d2ab9b5388c2bd8c4Jeff Sharkey * This class name is slightly misleading, since it's not actually a signature. 409066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 419066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Projectpublic class Signature implements Parcelable { 429066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project private final byte[] mSignature; 439066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project private int mHashCode; 449066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project private boolean mHaveHashCode; 45de0ff63700c1836771d797e6c7340b18cb814484Kenny Root private SoftReference<String> mStringRef; 46a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root private Certificate[] mCertificateChain; 479066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 489066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project /** 499066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Create Signature from an existing raw byte array. 509066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 519066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public Signature(byte[] signature) { 529066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project mSignature = signature.clone(); 53a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root mCertificateChain = null; 54a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root } 55a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root 56a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root /** 57a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * Create signature from a certificate chain. Used for backward 58a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * compatibility. 59a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * 60a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * @throws CertificateEncodingException 61a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * @hide 62a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root */ 63a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root public Signature(Certificate[] certificateChain) throws CertificateEncodingException { 64a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root mSignature = certificateChain[0].getEncoded(); 65a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root if (certificateChain.length > 1) { 66a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root mCertificateChain = Arrays.copyOfRange(certificateChain, 1, certificateChain.length); 67a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root } 689066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 699066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 701137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root private static final int parseHexDigit(int nibble) { 711137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root if ('0' <= nibble && nibble <= '9') { 721137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root return nibble - '0'; 731137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root } else if ('a' <= nibble && nibble <= 'f') { 741137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root return nibble - 'a' + 10; 751137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root } else if ('A' <= nibble && nibble <= 'F') { 761137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root return nibble - 'A' + 10; 771137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root } else { 781137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root throw new IllegalArgumentException("Invalid character " + nibble + " in hex string"); 791137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root } 801137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root } 811137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root 829066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project /** 839066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Create Signature from a text representation previously returned by 841137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root * {@link #toChars} or {@link #toCharsString()}. Signatures are expected to 851137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root * be a hex-encoded ASCII string. 861137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root * 871137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root * @param text hex-encoded string representing the signature 881137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root * @throws IllegalArgumentException when signature is odd-length 899066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 909066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public Signature(String text) { 91d21d444426911d93c507a929a8223ebf63258954Kenny Root final byte[] input = text.getBytes(); 92d21d444426911d93c507a929a8223ebf63258954Kenny Root final int N = input.length; 931137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root 941137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root if (N % 2 != 0) { 951137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root throw new IllegalArgumentException("text size " + N + " is not even"); 961137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root } 971137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root 98d21d444426911d93c507a929a8223ebf63258954Kenny Root final byte[] sig = new byte[N / 2]; 99d21d444426911d93c507a929a8223ebf63258954Kenny Root int sigIndex = 0; 100d21d444426911d93c507a929a8223ebf63258954Kenny Root 101d21d444426911d93c507a929a8223ebf63258954Kenny Root for (int i = 0; i < N;) { 1021137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root final int hi = parseHexDigit(input[i++]); 1031137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root final int lo = parseHexDigit(input[i++]); 1041137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root sig[sigIndex++] = (byte) ((hi << 4) | lo); 1059066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 106d21d444426911d93c507a929a8223ebf63258954Kenny Root 1079066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project mSignature = sig; 1089066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 1099066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 1109066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project /** 1119066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Encode the Signature as ASCII text. 1129066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 1139066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public char[] toChars() { 1149066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return toChars(null, null); 1159066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 1169066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 1179066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project /** 1189066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * Encode the Signature as ASCII text in to an existing array. 1199066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * 1209066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * @param existingArray Existing char array or null. 1219066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * @param outLen Output parameter for the number of characters written in 1229066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * to the array. 1239066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * @return Returns either <var>existingArray</var> if it was large enough 1249066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * to hold the ASCII representation, or a newly created char[] array if 1259066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * needed. 1269066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 1279066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public char[] toChars(char[] existingArray, int[] outLen) { 1289066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project byte[] sig = mSignature; 1299066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project final int N = sig.length; 1309066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project final int N2 = N*2; 1319066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project char[] text = existingArray == null || N2 > existingArray.length 1329066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project ? new char[N2] : existingArray; 1339066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project for (int j=0; j<N; j++) { 1349066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project byte v = sig[j]; 1359066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project int d = (v>>4)&0xf; 1369066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project text[j*2] = (char)(d >= 10 ? ('a' + d - 10) : ('0' + d)); 1379066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project d = v&0xf; 1389066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project text[j*2+1] = (char)(d >= 10 ? ('a' + d - 10) : ('0' + d)); 1399066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 1409066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project if (outLen != null) outLen[0] = N; 1419066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return text; 1429066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 1439066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 1449066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project /** 1451137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root * Return the result of {@link #toChars()} as a String. 1469066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 1479066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public String toCharsString() { 148de0ff63700c1836771d797e6c7340b18cb814484Kenny Root String str = mStringRef == null ? null : mStringRef.get(); 149de0ff63700c1836771d797e6c7340b18cb814484Kenny Root if (str != null) { 150de0ff63700c1836771d797e6c7340b18cb814484Kenny Root return str; 151de0ff63700c1836771d797e6c7340b18cb814484Kenny Root } 152de0ff63700c1836771d797e6c7340b18cb814484Kenny Root str = new String(toChars()); 153de0ff63700c1836771d797e6c7340b18cb814484Kenny Root mStringRef = new SoftReference<String>(str); 154de0ff63700c1836771d797e6c7340b18cb814484Kenny Root return str; 1559066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 1569066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 1579066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project /** 1589066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project * @return the contents of this signature as a byte array. 1599066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project */ 1609066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public byte[] toByteArray() { 1619066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project byte[] bytes = new byte[mSignature.length]; 1629066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project System.arraycopy(mSignature, 0, bytes, 0, mSignature.length); 1639066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return bytes; 1649066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 1659066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 16605ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root /** 16705ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root * Returns the public key for this signature. 16805ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root * 16905ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root * @throws CertificateException when Signature isn't a valid X.509 17005ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root * certificate; shouldn't happen. 17105ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root * @hide 17205ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root */ 17305ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root public PublicKey getPublicKey() throws CertificateException { 17405ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root final CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); 17505ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root final ByteArrayInputStream bais = new ByteArrayInputStream(mSignature); 17605ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root final Certificate cert = certFactory.generateCertificate(bais); 17705ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root return cert.getPublicKey(); 17805ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root } 17905ca4c90644921df9193d92b2abdc81ef77e4a62Kenny Root 180a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root /** 181a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * Used for compatibility code that needs to check the certificate chain 182a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * during upgrades. 183a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * 184a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * @throws CertificateEncodingException 185a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root * @hide 186a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root */ 187a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root public Signature[] getChainSignatures() throws CertificateEncodingException { 188a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root if (mCertificateChain == null) { 189a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root return new Signature[] { this }; 190a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root } 191a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root 192a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root Signature[] chain = new Signature[1 + mCertificateChain.length]; 193a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root chain[0] = this; 194a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root 195a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root int i = 1; 196a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root for (Certificate c : mCertificateChain) { 197a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root chain[i++] = new Signature(c.getEncoded()); 198a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root } 199a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root 200a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root return chain; 201a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root } 202a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efdKenny Root 2039066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project @Override 2049066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public boolean equals(Object obj) { 2059066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project try { 2069066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project if (obj != null) { 2079066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project Signature other = (Signature)obj; 2081137341885d8dc451dddc2e01319fb0fab00bbc3Kenny Root return this == other || Arrays.equals(mSignature, other.mSignature); 2099066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2109066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } catch (ClassCastException e) { 2119066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2129066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return false; 2139066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2149066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2159066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project @Override 2169066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public int hashCode() { 2179066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project if (mHaveHashCode) { 2189066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return mHashCode; 2199066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2209066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project mHashCode = Arrays.hashCode(mSignature); 2219066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project mHaveHashCode = true; 2229066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return mHashCode; 2239066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2249066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2259066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public int describeContents() { 2269066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return 0; 2279066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2289066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2299066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public void writeToParcel(Parcel dest, int parcelableFlags) { 2309066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project dest.writeByteArray(mSignature); 2319066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2329066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2339066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public static final Parcelable.Creator<Signature> CREATOR 2349066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project = new Parcelable.Creator<Signature>() { 2359066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public Signature createFromParcel(Parcel source) { 2369066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return new Signature(source); 2379066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2389066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2399066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project public Signature[] newArray(int size) { 2409066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project return new Signature[size]; 2419066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 2429066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project }; 2439066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project 2449066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project private Signature(Parcel source) { 2459066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project mSignature = source.createByteArray(); 2469066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project } 24794c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey 24894c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey /** 24994c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey * Test if given {@link Signature} sets are exactly equal. 25094c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey * 25194c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey * @hide 25294c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey */ 25394c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey public static boolean areExactMatch(Signature[] a, Signature[] b) { 254ec55ef0934b8e0d1bb705434947de817f7be57f1Jeff Sharkey return (a.length == b.length) && ArrayUtils.containsAll(a, b) 255ec55ef0934b8e0d1bb705434947de817f7be57f1Jeff Sharkey && ArrayUtils.containsAll(b, a); 25694c91dca55de9ffdbe072fcc5dd6dbf1efe5e4c1Jeff Sharkey } 257d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey 258d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey /** 259d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * Test if given {@link Signature} sets are effectively equal. In rare 260d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * cases, certificates can have slightly malformed encoding which causes 261d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * exact-byte checks to fail. 262d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * <p> 263d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * To identify effective equality, we bounce the certificates through an 264d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * decode/encode pass before doing the exact-byte check. To reduce attack 265d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * surface area, we only allow a byte size delta of a few bytes. 266d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * 267d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * @throws CertificateException if the before/after length differs 268d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * substantially, usually a signal of something fishy going on. 269d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * @hide 270d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey */ 271d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey public static boolean areEffectiveMatch(Signature[] a, Signature[] b) 272d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey throws CertificateException { 273d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey final CertificateFactory cf = CertificateFactory.getInstance("X.509"); 274d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey 275d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey final Signature[] aPrime = new Signature[a.length]; 276d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey for (int i = 0; i < a.length; i++) { 277d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey aPrime[i] = bounce(cf, a[i]); 278d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey } 279d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey final Signature[] bPrime = new Signature[b.length]; 280d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey for (int i = 0; i < b.length; i++) { 281d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey bPrime[i] = bounce(cf, b[i]); 282d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey } 283d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey 284d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey return areExactMatch(aPrime, bPrime); 285d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey } 286d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey 287d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey /** 288d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * Bounce the given {@link Signature} through a decode/encode cycle. 289d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * 290d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * @throws CertificateException if the before/after length differs 291d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * substantially, usually a signal of something fishy going on. 292d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey * @hide 293d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey */ 294d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey public static Signature bounce(CertificateFactory cf, Signature s) throws CertificateException { 295d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey final InputStream is = new ByteArrayInputStream(s.mSignature); 296d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey final X509Certificate cert = (X509Certificate) cf.generateCertificate(is); 297d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey final Signature sPrime = new Signature(cert.getEncoded()); 298d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey 299d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey if (Math.abs(sPrime.mSignature.length - s.mSignature.length) > 2) { 300d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey throw new CertificateException("Bounced cert length looks fishy; before " 301d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey + s.mSignature.length + ", after " + sPrime.mSignature.length); 302d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey } 303d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey 304d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey return sPrime; 305d68b87cdd402d46013170d9316a31c82be4e4816Jeff Sharkey } 3069066cfe9886ac131c34d59ed0e2d287b0e3c0087The Android Open Source Project} 307