Revision 01534004
| src/info/guardianproject/trustedintents/ApkSignaturePin.java | ||
|---|---|---|
| 6 | 6 |
import java.math.BigInteger; |
| 7 | 7 |
import java.security.MessageDigest; |
| 8 | 8 |
import java.security.NoSuchAlgorithmException; |
| 9 |
import java.util.Arrays; |
|
| 9 | 10 |
|
| 10 | 11 |
public abstract class ApkSignaturePin {
|
| 11 | 12 |
|
| 13 |
protected String[] fingerprints; // hex-encoded SHA-256 hashes of the certs |
|
| 12 | 14 |
protected byte[][] certificates; // array of DER-encoded X.509 certificates |
| 13 | 15 |
private Signature[] signatures; |
| 14 | 16 |
|
| ... | ... | |
| 66 | 68 |
public String getSHA256Fingerprint(byte[] input) {
|
| 67 | 69 |
return getFingerprint("SHA-256");
|
| 68 | 70 |
} |
| 71 |
|
|
| 72 |
/** |
|
| 73 |
* Compares the calculated SHA-256 cert fingerprint to the stored one. |
|
| 74 |
* |
|
| 75 |
* @return the result of the comparison |
|
| 76 |
*/ |
|
| 77 |
public boolean doFingerprintsMatchCertificates() {
|
|
| 78 |
if (fingerprints == null || certificates == null) |
|
| 79 |
return false; |
|
| 80 |
String[] calcedFingerprints = new String[certificates.length]; |
|
| 81 |
for (int i = 0; i < calcedFingerprints.length; i++) |
|
| 82 |
calcedFingerprints[i] = getSHA256Fingerprint(certificates[i]); |
|
| 83 |
if (fingerprints.length == 0 || calcedFingerprints.length == 0) |
|
| 84 |
return false; |
|
| 85 |
return Arrays.equals(fingerprints, calcedFingerprints); |
|
| 86 |
} |
|
| 69 | 87 |
} |
| test/src/com/android/AndroidIncludedAppsPin.java | ||
|---|---|---|
| 6 | 6 |
public final class AndroidIncludedAppsPin extends ApkSignaturePin {
|
| 7 | 7 |
|
| 8 | 8 |
public AndroidIncludedAppsPin() {
|
| 9 |
fingerprints = new String[] {
|
|
| 10 |
"a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc", |
|
| 11 |
}; |
|
| 9 | 12 |
certificates = new byte[][] {
|
| 10 | 13 |
{
|
| 11 | 14 |
48, -126, 4, -88, 48, -126, 3, -112, -96, 3, 2, 1, 2, 2, 9, 0, -109, 110, |
| ... | ... | |
| 77 | 80 |
-122, 8, 124, -13, 79, 45, -20, 33, -30, 69, -54, 108, 43, -80, 22, -26, |
| 78 | 81 |
-125, 99, -128, 80, -46, -60, 48, -18, -89, -62, 106, 28, 73, -45, 118, 10, |
| 79 | 82 |
88, -85, 127, 26, -126, -52, -109, -117, 72, 49, 56, 67, 36, -67, 4, 1, -6, |
| 80 |
18, 22, 58, 80, 87, 14, 104, 77 |
|
| 83 |
18, 22, 58, 80, 87, 14, 104, 77
|
|
| 81 | 84 |
}, |
| 82 | 85 |
}; |
| 83 | 86 |
} |
| test/src/com/android/AndroidSystemPin.java | ||
|---|---|---|
| 6 | 6 |
public final class AndroidSystemPin extends ApkSignaturePin {
|
| 7 | 7 |
|
| 8 | 8 |
public AndroidSystemPin() {
|
| 9 |
fingerprints = new String[] {
|
|
| 10 |
"c8a2e9bccf597c2fb6dc66bee293fc13f2fc47ec77bc6b2b0d52c11f51192ab8", |
|
| 11 |
}; |
|
| 9 | 12 |
certificates = new byte[][] {
|
| 10 | 13 |
{
|
| 11 | 14 |
48, -126, 4, -88, 48, -126, 3, -112, -96, 3, 2, 1, 2, 2, 9, 0, -77, -103, |
| ... | ... | |
| 79 | 82 |
-115, -43, -72, 57, -110, 3, -38, -82, 46, -44, 70, 35, 46, 79, -23, -67, |
| 80 | 83 |
-106, 19, -108, -58, 48, 14, 81, 56, -29, -49, -46, -123, -26, -28, -28, |
| 81 | 84 |
-125, 83, -116, -72, -79, -77, 87 |
| 82 |
}, |
|
| 85 |
},
|
|
| 83 | 86 |
}; |
| 84 | 87 |
} |
| 85 | 88 |
} |
| test/src/info/guardianproject/trustedintents/test/ApkSignaturePinTests.java | ||
|---|---|---|
| 17 | 17 |
|
| 18 | 18 |
public void testFingerprints() {
|
| 19 | 19 |
ApkSignaturePin android = new AndroidSystemPin(); |
| 20 |
assertTrue(android.doFingerprintsMatchCertificates()); |
|
| 20 | 21 |
Log.i(TAG, androidSystemFingerprint + " == " + android.getSHA1Fingerprint()); |
| 21 | 22 |
assertEquals(androidSystemFingerprint, android.getSHA1Fingerprint()); |
| 23 |
|
|
| 22 | 24 |
ApkSignaturePin comAndroid = new AndroidIncludedAppsPin(); |
| 25 |
assertTrue(comAndroid.doFingerprintsMatchCertificates()); |
|
| 23 | 26 |
Log.i(TAG, androidIncludedAppsFingerprint + " == " + comAndroid.getSHA1Fingerprint()); |
| 24 | 27 |
assertEquals(androidIncludedAppsFingerprint, comAndroid.getSHA1Fingerprint()); |
| 25 | 28 |
} |
Also available in: Unified diff