Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Remove direct reference to X509CertImpl"

Browse Source
This commit is contained in:
Kenny Root
2013-10-14 20:59:46 +00:00
committed by Gerrit Code Review
parent d6c2ccb25f 27e549428e
commit 7878883ed9
1 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
core/java/android/os/RecoverySystem.java
View File

@@ -32,10 +32,8 @@ import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
@@ -48,7 +46,7 @@ import org.apache.harmony.security.asn1.BerInputStream;
import org.apache.harmony.security.pkcs7.ContentInfo;
import org.apache.harmony.security.pkcs7.SignedData;
import org.apache.harmony.security.pkcs7.SignerInfo;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.security.x509.Certificate;
/**
* RecoverySystem contains methods for interacting with the Android
@@ -93,9 +91,9 @@ public class RecoverySystem {
}
/** @return the set of certs that can be used to sign an OTA package. */
private static HashSet<Certificate> getTrustedCerts(File keystore)
private static HashSet<X509Certificate> getTrustedCerts(File keystore)
throws IOException, GeneralSecurityException {
HashSet<Certificate> trusted = new HashSet<Certificate>();
HashSet<X509Certificate> trusted = new HashSet<X509Certificate>();
if (keystore == null) {
keystore = DEFAULT_KEYSTORE;
}
@@ -107,7 +105,7 @@ public class RecoverySystem {
ZipEntry entry = entries.nextElement();
InputStream is = zip.getInputStream(entry);
try {
trusted.add(cf.generateCertificate(is));
trusted.add((X509Certificate) cf.generateCertificate(is));
} finally {
is.close();
}
@@ -201,21 +199,23 @@ public class RecoverySystem {
if (signedData == null) {
throw new IOException("signedData is null");
}
Collection encCerts = signedData.getCertificates();
List<Certificate> encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
throw new IOException("encCerts is empty");
}
// Take the first certificate from the signature (packages
// should contain only one).
Iterator it = encCerts.iterator();
Iterator<Certificate> it = encCerts.iterator();
X509Certificate cert = null;
if (it.hasNext()) {
cert = new X509CertImpl((org.apache.harmony.security.x509.Certificate)it.next());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream is = new ByteArrayInputStream(it.next().getEncoded());
cert = (X509Certificate) cf.generateCertificate(is);
} else {
throw new SignatureException("signature contains no certificates");
}
List sigInfos = signedData.getSignerInfos();
List<SignerInfo> sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = (SignerInfo)sigInfos.get(0);
@@ -226,12 +226,12 @@ public class RecoverySystem {
// Check that the public key of the certificate contained
// in the package equals one of our trusted public keys.
HashSet<Certificate> trusted = getTrustedCerts(
HashSet<X509Certificate> trusted = getTrustedCerts(
deviceCertsZipFile == null ? DEFAULT_KEYSTORE : deviceCertsZipFile);
PublicKey signatureKey = cert.getPublicKey();
boolean verified = false;
for (Certificate c : trusted) {
for (X509Certificate c : trusted) {
if (c.getPublicKey().equals(signatureKey)) {
verified = true;
break;