am 7878883e: Merge "Remove direct reference to X509CertImpl"
* commit '7878883ed922f17c930c0d40588f62acf73f9a9c': Remove direct reference to X509CertImpl
This commit is contained in:
Kenny Root
@@ -32,10 +32,8 @@ import java.security.GeneralSecurityException;
|
||||
import java.security.PublicKey;
|
||||
import java.security.Signature;
|
||||
import java.security.SignatureException;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Collection;
|
||||
import java.util.Enumeration;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
@@ -48,7 +46,7 @@ import org.apache.harmony.security.asn1.BerInputStream;
|
||||
import org.apache.harmony.security.pkcs7.ContentInfo;
|
||||
import org.apache.harmony.security.pkcs7.SignedData;
|
||||
import org.apache.harmony.security.pkcs7.SignerInfo;
|
||||
import org.apache.harmony.security.provider.cert.X509CertImpl;
|
||||
import org.apache.harmony.security.x509.Certificate;
|
||||
|
||||
/**
|
||||
* RecoverySystem contains methods for interacting with the Android
|
||||
@@ -93,9 +91,9 @@ public class RecoverySystem {
|
||||
}
|
||||
|
||||
/** @return the set of certs that can be used to sign an OTA package. */
|
||||
private static HashSet<Certificate> getTrustedCerts(File keystore)
|
||||
private static HashSet<X509Certificate> getTrustedCerts(File keystore)
|
||||
throws IOException, GeneralSecurityException {
|
||||
HashSet<Certificate> trusted = new HashSet<Certificate>();
|
||||
HashSet<X509Certificate> trusted = new HashSet<X509Certificate>();
|
||||
if (keystore == null) {
|
||||
keystore = DEFAULT_KEYSTORE;
|
||||
}
|
||||
@@ -107,7 +105,7 @@ public class RecoverySystem {
|
||||
ZipEntry entry = entries.nextElement();
|
||||
InputStream is = zip.getInputStream(entry);
|
||||
try {
|
||||
trusted.add(cf.generateCertificate(is));
|
||||
trusted.add((X509Certificate) cf.generateCertificate(is));
|
||||
} finally {
|
||||
is.close();
|
||||
}
|
||||
@@ -201,21 +199,23 @@ public class RecoverySystem {
|
||||
if (signedData == null) {
|
||||
throw new IOException("signedData is null");
|
||||
}
|
||||
Collection encCerts = signedData.getCertificates();
|
||||
List<Certificate> encCerts = signedData.getCertificates();
|
||||
if (encCerts.isEmpty()) {
|
||||
throw new IOException("encCerts is empty");
|
||||
}
|
||||
// Take the first certificate from the signature (packages
|
||||
// should contain only one).
|
||||
Iterator it = encCerts.iterator();
|
||||
Iterator<Certificate> it = encCerts.iterator();
|
||||
X509Certificate cert = null;
|
||||
if (it.hasNext()) {
|
||||
cert = new X509CertImpl((org.apache.harmony.security.x509.Certificate)it.next());
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
InputStream is = new ByteArrayInputStream(it.next().getEncoded());
|
||||
cert = (X509Certificate) cf.generateCertificate(is);
|
||||
} else {
|
||||
throw new SignatureException("signature contains no certificates");
|
||||
}
|
||||
|
||||
List sigInfos = signedData.getSignerInfos();
|
||||
List<SignerInfo> sigInfos = signedData.getSignerInfos();
|
||||
SignerInfo sigInfo;
|
||||
if (!sigInfos.isEmpty()) {
|
||||
sigInfo = (SignerInfo)sigInfos.get(0);
|
||||
@@ -226,12 +226,12 @@ public class RecoverySystem {
|
||||
// Check that the public key of the certificate contained
|
||||
// in the package equals one of our trusted public keys.
|
||||
|
||||
HashSet<Certificate> trusted = getTrustedCerts(
|
||||
HashSet<X509Certificate> trusted = getTrustedCerts(
|
||||
deviceCertsZipFile == null ? DEFAULT_KEYSTORE : deviceCertsZipFile);
|
||||
|
||||
PublicKey signatureKey = cert.getPublicKey();
|
||||
boolean verified = false;
|
||||
for (Certificate c : trusted) {
|
||||
for (X509Certificate c : trusted) {
|
||||
if (c.getPublicKey().equals(signatureKey)) {
|
||||
verified = true;
|
||||
break;
|
||||
|
||||
Reference in New Issue
Block a user