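/*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.verity;

import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * Command-line tool that signs a content file with a private key, or checks
 * an existing signature against the public key of an X.509 certificate.
 *
 * <p>Signing: {@code VeritySigner <contentfile> <key.pk8> <sigfile>}<br>
 * Verifying: {@code VeritySigner <contentfile> <certificate.x509.pem> <sigfile> -verify}
 *
 * <p>In verify mode the process exit status is the verdict: 0 only when the
 * signature verifies, 1 for an invalid signature or any error raised while
 * verifying. Callers should test the exit status, not the text on stderr.
 */
public class VeritySigner {

    /** Prints the command-line synopsis to stderr and terminates with status 1. */
    private static void usage() {
        System.err.println("usage: VeritySigner <contentfile> <key.pk8> " +
                "<sigfile> | <contentfile> <certificate.x509.pem> <sigfile> " +
                "-verify");
        System.exit(1);
    }

    /**
     * Entry point; selects signing or verification from the arguments.
     *
     * @param args {@code <contentfile> <key.pk8> <sigfile>} to sign, or
     *     {@code <contentfile> <certificate.x509.pem> <sigfile> -verify} to verify
     * @throws Exception if reading the inputs, loading the key or certificate,
     *     signing, or writing the signature fails
     */
    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            usage();
            return;
        }

        final boolean verifyMode = args.length > 3 && "-verify".equals(args[3]);

        // A fourth argument that is not exactly "-verify" used to fall through
        // to signing mode, so a mistyped flag on a verification command line
        // turned into a signing attempt that writes to <sigfile>. Refuse the
        // invocation instead of guessing which mode was meant.
        if (args.length > 3 && !verifyMode) {
            System.err.println("unrecognized argument: " + args[3]);
            usage();
            return;
        }

        Security.addProvider(new BouncyCastleProvider());

        byte[] content = Utils.read(args[0]);

        if (verifyMode) {
            // NOTE(review): only the public key is taken from the certificate;
            // no validity-period or chain check is visible in this method.
            // Whether Utils.loadPEMCertificate performs one cannot be told
            // from here, so trust in the certificate file rests on the caller.
            X509Certificate cert = Utils.loadPEMCertificate(args[1]);
            PublicKey publicKey = cert.getPublicKey();

            byte[] signature = Utils.read(args[2]);

            try {
                if (Utils.verify(publicKey, content, signature,
                        Utils.getSignatureAlgorithmIdentifier(publicKey))) {
                    System.err.println("Signature is VALID");
                    System.exit(0);
                } else {
                    System.err.println("Signature is INVALID");
                }
            } catch (Exception e) {
                // Fail closed: an error during verification is reported and
                // then falls through to the non-zero exit below.
                e.printStackTrace(System.err);
            }

            System.exit(1);
        } else {
            PrivateKey privateKey = Utils.loadDERPrivateKey(Utils.read(args[1]));
            byte[] signature = Utils.sign(privateKey, content);
            Utils.write(signature, args[2]);
        }
    }
}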