/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.motorolamobility.studio.android.certmanager.packaging.sign;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.jar.Attributes;
import org.bouncycastle.util.encoders.Base64Encoder;
import com.motorola.studio.android.common.log.StudioLogger;
import com.motorolamobility.studio.android.certmanager.CertificateManagerActivator;
import com.motorolamobility.studio.android.certmanager.exception.KeyStoreManagerException;
import com.motorolamobility.studio.android.certmanager.packaging.PackageFile;
import com.motorolamobility.studio.android.certmanager.ui.model.IKeyStoreEntry;
/**
* Utility class used to sign package files.
*/
public class PackageFileSigner
{
public static final String MOTODEV_STUDIO = "MOTODEV Studio";
/**
* Signs a package file
*
* @param packageFile
* the package file to sign
* @param certificateAlias
* the signing certificate alias
* @param createdBy
* Created-By manifest attribute
* @throws SignException
* if a processing error occurs during the signing process
* @throws UnrecoverableKeyException
*/
public static void signPackage(PackageFile packageFile, IKeyStoreEntry keystoreEntry,
String keyEntryPassword, String createdBy) throws SignException,
UnrecoverableKeyException
{
try
{
Base64Encoder encoder = new Base64Encoder();
MessageDigest messageDigest = MessageDigest.getInstance(ISignConstants.SHA1);
addFilesDigestsToManifest(packageFile, encoder, messageDigest);
addSignatureFiles(packageFile, keystoreEntry, keyEntryPassword, encoder, createdBy);
}
catch (UnrecoverableKeyException e)
{
throw e;
}
catch (Exception e)
{
StudioLogger.error(PackageFileSigner.class, "Error signing package", e);
throw new SignException(e.getMessage(), e);
}
}
/**
* Remove package signature files
*
* @param packageFile
* @throws IOException
*/
public static void removePackageSignature(PackageFile packageFile) throws IOException
{
packageFile.removeMetaEntryFiles();
}
/**
* Generates the digests for all the files in the package and puts them in
* the manifest
*
* @param packageFile
* the package file being signed
* @param encoder
* the BASE64 encoder
* @param messageDigest
* the message digest
* @throws IOException
* if an I/O error occurs when reading the files contained in
* the package
*/
private static void addFilesDigestsToManifest(PackageFile packageFile, Base64Encoder encoder,
MessageDigest messageDigest) throws IOException
{
InputStream fileInputStream = null;
ReadableByteChannel rc = null;
ByteArrayOutputStream encodedStream = null;
// for each entry in the package file
for (String entryName : packageFile.getEntryNames())
{
File file = packageFile.getEntryFile(entryName);
if (file.isFile())
{
try
{
// read the file contents
fileInputStream = new FileInputStream(file);
rc = Channels.newChannel(fileInputStream);
ByteBuffer byteBuffer = ByteBuffer.allocate((int) file.length());
rc.read(byteBuffer);
// compute the digest
messageDigest.reset();
byte[] digestedArray = messageDigest.digest(byteBuffer.array());
encodedStream = new ByteArrayOutputStream();
encoder.encode(digestedArray, 0, digestedArray.length, encodedStream);
String digestedMessage = encodedStream.toString();
// put the digest in the manifest file
Attributes jarEntryAttributes = new Attributes();
jarEntryAttributes.putValue(ISignConstants.SHA1_DIGEST, digestedMessage);
packageFile.getManifest().getEntries().put(entryName, jarEntryAttributes);
}
finally
{
try
{
if (encodedStream != null)
{
encodedStream.close();
}
if (rc != null)
{
rc.close();
}
if (fileInputStream != null)
{
fileInputStream.close();
}
}
catch (IOException e)
{
StudioLogger.error("Could not close stream while signing package. "
+ e.getMessage());
}
}
}
}
}
/**
* Adds the signature file and the signature block file to the package
*
* @param packageFile
* the package file being signed
* @param certificateAlias
* the signing certificate alias
* @param encoder
* the BASE64 encoder
* @param messageDigest
* the message digest
* @param createdBy
* Created-By manifest attribute
* @throws SignException
* if a processing error occurs during the signing process
* @throws IOException
* if an I/O error occurs during the signing process
* @throws NoSuchAlgorithmException
* @throws KeyStoreManagerException
* @throws KeyStoreException
* @throws UnrecoverableKeyException
*/
private static void addSignatureFiles(PackageFile packageFile, IKeyStoreEntry keystoreEntry,
String keyEntryPassword, Base64Encoder encoder, String createdBy) throws IOException,
SignException, UnrecoverableKeyException, KeyStoreException, KeyStoreManagerException,
NoSuchAlgorithmException
{
// signature file
SignatureFile signatureFile =
new SignatureFile(packageFile, keystoreEntry.getAlias(), encoder, createdBy);
File sigFile = File.createTempFile(CertificateManagerActivator.TEMP_FILE_PREFIX, null);
FileOutputStream sigFileOutStream = null;
try
{
sigFileOutStream = new FileOutputStream(sigFile);
signatureFile.write(sigFileOutStream);
}
finally
{
if (sigFileOutStream != null)
{
try
{
sigFileOutStream.close();
}
catch (IOException e)
{
StudioLogger
.error("Could not close stream while adding signature files to package. "
+ e.getMessage());
}
}
}
packageFile.setTempEntryFile(signatureFile.toString(), sigFile);
// signature block file
SignatureBlockFile signatureBlockFile =
new SignatureBlockFile(signatureFile, keystoreEntry, keyEntryPassword);
File sigBlockFile = File.createTempFile(CertificateManagerActivator.TEMP_FILE_PREFIX, null);
FileOutputStream sigBlockFileOutStream = null;
try
{
sigBlockFileOutStream = new FileOutputStream(sigBlockFile);
signatureBlockFile.write(sigBlockFileOutStream);
}
finally
{
if (sigBlockFileOutStream != null)
{
try
{
sigBlockFileOutStream.close();
}
catch (IOException e)
{
StudioLogger
.error("Could not close stream while adding signature files to package. "
+ e.getMessage());
}
}
}
packageFile.setTempEntryFile(signatureBlockFile.toString(), sigBlockFile);
}
}