Developer Libraries » Trusted Intents

package info.guardianproject.trustedintents;

import android.content.pm.Signature;

import java.math.BigInteger;

import java.security.MessageDigest;

import java.security.NoSuchAlgorithmException;

public abstract class CertificatePin {

    protected byte[] certificate = null;

    private Signature[] signatures;

    public byte[] getEncoded() {

        return certificate; // DER-encoded X.509 Certificate

    }

    public Signature[] getSignatures() {

        // TODO this needs to handle multiple Signature instances

        if (signatures == null) {

            signatures = new Signature[1];

            signatures[0] = new Signature(certificate);

        }

        return signatures;

    }

    public String getFingerprint(String algorithm) {

        try {

            MessageDigest md = MessageDigest.getInstance(algorithm);

            byte[] hashBytes = md.digest(certificate);

            BigInteger bi = new BigInteger(1, hashBytes);

            md.reset();

            return String.format("%0" + (hashBytes.length << 1) + "x", bi);

        } catch (NoSuchAlgorithmException e) {

            e.printStackTrace();

        }

        return null;

    }

    public String getMD5Fingerprint() {

        return getFingerprint("MD5");

    }

    public String getSHA1Fingerprint() {

        return getFingerprint("SHA1");

    }

    public String getSHA256Fingerprint(byte[] input) {

        return getFingerprint("SHA-256");

    }

}

package info.guardianproject.trustedintents;

import android.content.pm.PackageManager.NameNotFoundException;

import android.content.pm.Signature;

import android.text.TextUtils;

import java.security.cert.CertificateException;

import java.util.LinkedHashMap;

public class TrustedIntents {

    private static TrustedIntents instance;

    private LinkedHashMap<String, Signature[]> map = new LinkedHashMap<String, Signature[]>();

    private TrustedIntents() {

    }

    public static TrustedIntents get() {

        if (instance == null)

            instance = new TrustedIntents();

        return instance;

    }

    public void addPin(String packageName, Signature[] pin) {

        map.put(packageName, pin);

    }

    public void checkPin(String packageName, Signature[] signatures)

            throws NameNotFoundException, CertificateException {

        if (TextUtils.isEmpty(packageName))

            throw new NameNotFoundException("packageName cannot be null or empty!");

        if (signatures == null || signatures.length == 0)

            throw new CertificateException("signatures cannot be null or empty!");

        for (int i = 0; i < signatures.length; i++)

            if (signatures[i] == null || signatures[i].toByteArray().length == 0)

                throw new CertificateException("Certificates cannot be null or empty!");

        if (!map.containsKey(packageName))

            throw new NameNotFoundException(packageName);

        if (!areSignaturesEqual(signatures, map.get(packageName)))

            throw new CertificateException("Signature not equal to pin for " + packageName);

    }

    public boolean areSignaturesEqual(Signature[] sigs0, Signature[] sigs1) {

        // TODO where is Android's implementation of this that I can just call?

        if (sigs0 == null || sigs1 == null)

            return false;

        if (sigs0.length == 0 || sigs1.length == 0)

            return false;

        if (sigs0.length != sigs1.length)

            return false;

        for (int i = 0; i < sigs0.length; i++)

            if (!sigs0[i].equals(sigs1[i]))

                return false;

        return true;

    }

}