trustedintents / trustedintents / src / info / guardianproject / trustedintents / ApkSignaturePin.java @ cba1dc86
History | View | Annotate | Download (2.71 KB)
| 1 |
|
|---|---|
| 2 |
package info.guardianproject.trustedintents; |
| 3 |
|
| 4 |
import android.content.pm.Signature; |
| 5 |
|
| 6 |
import java.math.BigInteger; |
| 7 |
import java.security.MessageDigest; |
| 8 |
import java.security.NoSuchAlgorithmException; |
| 9 |
import java.util.Arrays; |
| 10 |
|
| 11 |
public abstract class ApkSignaturePin { |
| 12 |
|
| 13 |
protected String[] fingerprints; // hex-encoded SHA-256 hashes of the certs |
| 14 |
protected byte[][] certificates; // array of DER-encoded X.509 certificates |
| 15 |
private Signature[] signatures; |
| 16 |
|
| 17 |
public Signature[] getSignatures() { |
| 18 |
if (signatures == null) { |
| 19 |
signatures = new Signature[certificates.length]; |
| 20 |
for (int i = 0; i < certificates.length; i++) |
| 21 |
signatures[i] = new Signature(certificates[i]); |
| 22 |
} |
| 23 |
return signatures;
|
| 24 |
} |
| 25 |
|
| 26 |
/**
|
| 27 |
* Gets the fingerprint of the first certificate in the signature.
|
| 28 |
*
|
| 29 |
* @param algorithm - Which hash to use (e.g. MD5, SHA1, SHA-256)
|
| 30 |
* @return the fingerprint as hex String
|
| 31 |
*/
|
| 32 |
public String getFingerprint(String algorithm) { |
| 33 |
try {
|
| 34 |
MessageDigest md = MessageDigest.getInstance(algorithm); |
| 35 |
byte[] hashBytes = md.digest(certificates[0]); |
| 36 |
BigInteger bi = new BigInteger(1, hashBytes); |
| 37 |
md.reset(); |
| 38 |
return String.format("%0" + (hashBytes.length << 1) + "x", bi); |
| 39 |
} catch (NoSuchAlgorithmException e) { |
| 40 |
e.printStackTrace(); |
| 41 |
} |
| 42 |
return null; |
| 43 |
} |
| 44 |
|
| 45 |
/**
|
| 46 |
* Gets the MD5 fingerprint of the first certificate in the signature.
|
| 47 |
*
|
| 48 |
* @return the MD5 sum as hex String
|
| 49 |
*/
|
| 50 |
public String getMD5Fingerprint() { |
| 51 |
return getFingerprint("MD5"); |
| 52 |
} |
| 53 |
|
| 54 |
/**
|
| 55 |
* Gets the SHA1 fingerprint of the first certificate in the signature.
|
| 56 |
*
|
| 57 |
* @return the SHA1 sum as hex String
|
| 58 |
*/
|
| 59 |
public String getSHA1Fingerprint() { |
| 60 |
return getFingerprint("SHA1"); |
| 61 |
} |
| 62 |
|
| 63 |
/**
|
| 64 |
* Gets the SHA-256 fingerprint of the first certificate in the signature.
|
| 65 |
*
|
| 66 |
* @return the SHA-256 sum as hex String
|
| 67 |
*/
|
| 68 |
public String getSHA256Fingerprint() { |
| 69 |
return getFingerprint("SHA-256"); |
| 70 |
} |
| 71 |
|
| 72 |
/**
|
| 73 |
* Compares the calculated SHA-256 cert fingerprint to the stored one.
|
| 74 |
*
|
| 75 |
* @return the result of the comparison
|
| 76 |
*/
|
| 77 |
public boolean doFingerprintsMatchCertificates() { |
| 78 |
if (fingerprints == null || certificates == null) |
| 79 |
return false; |
| 80 |
String[] calcedFingerprints = new String[certificates.length]; |
| 81 |
for (int i = 0; i < calcedFingerprints.length; i++) |
| 82 |
calcedFingerprints[i] = getSHA256Fingerprint(); |
| 83 |
if (fingerprints.length == 0 || calcedFingerprints.length == 0) |
| 84 |
return false; |
| 85 |
return Arrays.equals(fingerprints, calcedFingerprints); |
| 86 |
} |
| 87 |
} |