trustedintents / trustedintents / src / info / guardianproject / trustedintents / ApkSignaturePin.java @ cba1dc86
package info.guardianproject.trustedintents; |
import android.content.pm.Signature; |
import java.math.BigInteger; |
import java.security.MessageDigest; |
import java.security.NoSuchAlgorithmException; |
import java.util.Arrays; |
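/**
 * A pinned set of APK signing certificates together with the SHA-256
 * fingerprints they are expected to hash to.
 * <p>
 * This class never assigns {@link #fingerprints} or {@link #certificates}
 * itself; both are {@code protected}, so presumably a concrete subclass
 * fills them in. {@link #doFingerprintsMatchCertificates()} is the
 * self-consistency check between the two arrays.
 * <p>
 * Instances are not synchronized; the lazily built signature cache assumes
 * single-threaded use or external locking.
 */
public abstract class ApkSignaturePin {

    protected String[] fingerprints; // hex-encoded SHA-256 hashes of the certs
    protected byte[][] certificates; // array of DER-encoded X.509 certificates
    private Signature[] signatures;

    /**
     * Returns the pinned certificates wrapped as {@link Signature} objects,
     * building and caching the array on first use.
     * <p>
     * The cached array itself is returned, not a copy, so callers must treat
     * it as read-only: overwriting an element would silently change what
     * this pin hands out afterwards.
     *
     * @return one {@code Signature} per entry of {@link #certificates}, in
     *         the same order
     */
    public Signature[] getSignatures() {
        if (signatures == null) {
            // Fill a local array first so that a failure part-way through
            // never leaves a half-populated array in the cache.
            Signature[] built = new Signature[certificates.length];
            for (int i = 0; i < certificates.length; i++) {
                built[i] = new Signature(certificates[i]);
            }
            signatures = built;
        }
        return signatures;
    }

    /**
     * Gets the fingerprint of the first certificate in the signature.
     *
     * @param algorithm - Which hash to use (e.g. MD5, SHA1, SHA-256)
     * @return the fingerprint as a lower-case hex String, or {@code null} if
     *         the platform does not provide {@code algorithm}
     */
    public String getFingerprint(String algorithm) {
        try {
            return fingerprintOf(certificates[0], algorithm);
        } catch (NoSuchAlgorithmException e) {
            // Kept from the original contract: report and return null
            // rather than propagate.
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Gets the MD5 fingerprint of the first certificate in the signature.
     * <p>
     * MD5 is not collision resistant; this value is suitable for display or
     * for matching legacy records, not as the basis of a trust decision.
     *
     * @return the MD5 sum as hex String
     */
    public String getMD5Fingerprint() {
        return getFingerprint("MD5");
    }

    /**
     * Gets the SHA1 fingerprint of the first certificate in the signature.
     * <p>
     * SHA-1 is no longer considered collision resistant; prefer
     * {@link #getSHA256Fingerprint()} wherever the value is used to decide
     * whether to trust a certificate.
     *
     * @return the SHA1 sum as hex String
     */
    public String getSHA1Fingerprint() {
        return getFingerprint("SHA1");
    }

    /**
     * Gets the SHA-256 fingerprint of the first certificate in the signature.
     *
     * @return the SHA-256 sum as hex String
     */
    public String getSHA256Fingerprint() {
        return getFingerprint("SHA-256");
    }

    /**
     * Checks that every pinned certificate hashes to the stored fingerprint
     * at the same index.
     * <p>
     * Each certificate is hashed individually. The earlier implementation
     * hashed only {@code certificates[0]} for every slot, so with more than
     * one certificate the later entries were never actually compared against
     * their own fingerprints.
     * <p>
     * The comparison is an exact string match: stored fingerprints must be
     * lower-case hex with no separators, which is the form this class
     * produces. Any missing, empty, {@code null} or unequal-length input
     * yields {@code false}.
     *
     * @return {@code true} only if both arrays are non-empty, have the same
     *         length, and each certificate's SHA-256 equals its fingerprint
     */
    public boolean doFingerprintsMatchCertificates() {
        if (fingerprints == null || certificates == null) {
            return false;
        }
        if (fingerprints.length == 0 || certificates.length == 0) {
            return false;
        }
        if (fingerprints.length != certificates.length) {
            return false;
        }
        try {
            for (int i = 0; i < certificates.length; i++) {
                if (certificates[i] == null) {
                    return false;
                }
                String calculated = fingerprintOf(certificates[i], "SHA-256");
                if (!calculated.equals(fingerprints[i])) {
                    return false;
                }
            }
        } catch (NoSuchAlgorithmException e) {
            // Without SHA-256 nothing can be verified, so fail closed.
            e.printStackTrace();
            return false;
        }
        return true;
    }

    /**
     * Hashes one DER-encoded certificate and renders the digest as
     * zero-padded lower-case hex (two characters per digest byte).
     */
    private static String fingerprintOf(byte[] certificate, String algorithm)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        // digest() resets the MessageDigest itself, so no reset() call is needed.
        byte[] hashBytes = md.digest(certificate);
        BigInteger bi = new BigInteger(1, hashBytes);
        // The width keeps leading zero bytes, which BigInteger would drop.
        return String.format("%0" + (hashBytes.length << 1) + "x", bi);
    }
}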