/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.util.jar; import android.util.apk.ApkSignatureSchemeV2Verifier; import java.io.IOException; import java.io.OutputStream; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.StringTokenizer; import java.util.jar.Attributes; import java.util.jar.JarFile; import sun.security.jca.Providers; import sun.security.pkcs.PKCS7; import sun.security.pkcs.SignerInfo; /** * Non-public class used by {@link JarFile} and {@link JarInputStream} to manage * the verification of signed JARs. {@code JarFile} and {@code JarInputStream} * objects are expected to have a {@code JarVerifier} instance member which * can be used to carry out the tasks associated with verifying a signed JAR. * These tasks would typically include: *
.SF
file.
*/
void verify() {
    // Finalise the digest accumulated for this entry and compare it with the
    // Base64-encoded value held in `hash`. Only a matching entry is recorded
    // in verifiedEntries together with its certificate chains.
    final byte[] computed = digest.digest();
    final boolean digestMatches = verifyMessageDigest(computed, hash);
    if (digestMatches) {
        verifiedEntries.put(name, certChains);
        return;
    }
    // NOTE(review): the entry name is passed as both the `name` and `jarName`
    // arguments of invalidDigest, so the message repeats it instead of naming
    // the archive; confirm this is intended.
    throw invalidDigest(JarFile.MANIFEST_NAME, name, name);
}
}
/**
 * Reports a digest mismatch by throwing a {@link SecurityException}.
 *
 * <p>This method never returns normally. The declared return type lets a
 * call site be written as {@code throw invalidDigest(...)}.
 *
 * @param signatureFile the file whose recorded digest did not match.
 * @param name the JAR entry the digest was recorded for.
 * @param jarName the name reported as the containing JAR.
 * @return never returns.
 * @throws SecurityException always.
 */
private static SecurityException invalidDigest(String signatureFile, String name,
        String jarName) {
    final String message = signatureFile + " has invalid digest for " + name +
            " in " + jarName;
    throw new SecurityException(message);
}
/**
 * Reports that a signature file failed verification by throwing a
 * {@link SecurityException}.
 *
 * <p>This method never returns normally; the declared return type is never
 * produced.
 *
 * @param jarName the name of the JAR being verified.
 * @param signatureFile the signature file that failed verification.
 * @return never returns.
 * @throws SecurityException always.
 */
private static SecurityException failedVerification(String jarName, String signatureFile) {
    final String message = jarName + " failed verification of " + signatureFile;
    throw new SecurityException(message);
}
/**
 * Reports that a signature file failed verification by throwing a
 * {@link SecurityException} that keeps the underlying failure as its cause.
 *
 * <p>This method never returns normally; the declared return type is never
 * produced.
 *
 * @param jarName the name of the JAR being verified.
 * @param signatureFile the signature file that failed verification.
 * @param e the underlying failure, attached as the cause.
 * @return never returns.
 * @throws SecurityException always.
 */
private static SecurityException failedVerification(String jarName, String signatureFile,
        Throwable e) {
    final String message = jarName + " failed verification of " + signatureFile;
    throw new SecurityException(message, e);
}
/**
* Constructs and returns a new instance of {@code JarVerifier}.
*
* @param name
* the name of the JAR file being verified.
*
* @param signatureSchemeRollbackProtectionsEnforced {@code true} to enforce protections against
* stripping newer signature schemes (e.g., APK Signature Scheme v2) from the file, or
* {@code false} to ignore any such protections.
*/
StrictJarVerifier(String name, StrictJarManifest manifest,
HashMap
* Will also return {@code true} if the JAR file is not
* signed.
* @throws SecurityException
* if the JAR file is signed and it is determined that a
* signature block file contains an invalid signature for the
* corresponding signature file.
*/
synchronized boolean readCertificates() {
if (metaEntries.isEmpty()) {
return false;
}
Iteratorboolean
indication of whether or not the
* associated jar file is signed.
*
* @return {@code true} if the JAR is signed, {@code false}
* otherwise.
*/
boolean isSignedJar() {
    // The answer is derived only from whether `certificates` holds at least
    // one element.
    final int certificateCount = certificates.size();
    return certificateCount > 0;
}
/**
 * Checks the bytes {@code data[start, end)} against a digest recorded in
 * {@code attributes}.
 *
 * <p>Algorithms are tried in the order of {@code DIGEST_ALGORITHMS}. The
 * first one that has an attribute named {@code algorithm + entry} and an
 * available {@link MessageDigest} implementation decides the result. Later
 * algorithms are not consulted, whether that comparison matches or not.
 *
 * @param attributes attributes holding the Base64-encoded digest values.
 * @param entry suffix appended to the algorithm name to form the attribute key.
 * @param data buffer containing the bytes to digest.
 * @param start index of the first byte to digest.
 * @param end index one past the last byte to digest.
 * @param ignoreSecondEndline when {@code true} and the range ends in two
 *        {@code '\n'} bytes, the last one is left out of the digest.
 * @param ignorable value returned when no algorithm in
 *        {@code DIGEST_ALGORITHMS} yields a usable digest attribute.
 * @return the comparison result for the first usable algorithm, otherwise
 *         {@code ignorable}.
 */
private boolean verify(Attributes attributes, String entry, byte[] data,
        int start, int end, boolean ignoreSecondEndline, boolean ignorable) {
    for (String algorithm : DIGEST_ALGORITHMS) {
        final String encodedDigest = attributes.getValue(algorithm + entry);
        if (encodedDigest == null) {
            // No digest recorded for this algorithm.
            continue;
        }

        MessageDigest md;
        try {
            md = MessageDigest.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            // No implementation of this algorithm is available; try the next one.
            continue;
        }

        // NOTE(review): data[end - 1] and data[end - 2] are read without
        // checking them against `start` or the array bounds. This assumes
        // callers always pass a range of at least two bytes; confirm.
        final boolean dropTrailingNewline =
                ignoreSecondEndline && data[end - 1] == '\n' && data[end - 2] == '\n';
        final int length = dropTrailingNewline ? end - 1 - start : end - start;
        md.update(data, start, length);

        final byte[] computed = md.digest();
        final byte[] encodedHashBytes = encodedDigest.getBytes(StandardCharsets.ISO_8859_1);
        return verifyMessageDigest(computed, encodedHashBytes);
    }
    // No listed algorithm had both a recorded digest and an implementation,
    // so the caller-supplied value decides the outcome.
    return ignorable;
}
/**
 * Compares a raw digest with a Base64-encoded digest.
 *
 * <p>Malformed Base64 input counts as a mismatch and does not raise an
 * error. The comparison uses {@link MessageDigest#isEqual(byte[], byte[])}
 * rather than an early-exit array comparison.
 *
 * @param expected the raw digest bytes to compare against.
 * @param encodedActual the Base64-encoded digest to decode and compare.
 * @return {@code true} only if {@code encodedActual} decodes successfully
 *         and the decoded bytes equal {@code expected}.
 */
private static boolean verifyMessageDigest(byte[] expected, byte[] encodedActual) {
    try {
        final byte[] decoded = java.util.Base64.getDecoder().decode(encodedActual);
        return MessageDigest.isEqual(expected, decoded);
    } catch (IllegalArgumentException malformedBase64) {
        // An undecodable value can never match a real digest.
        return false;
    }
}
/**
* Returns all of the {@link java.security.cert.Certificate} chains that
* were used to verify the signature on the JAR entry called
* {@code name}. Callers must not modify the returned arrays.
*
* @param name
* the name of a JAR entry.
* @return an array of {@link java.security.cert.Certificate} chains.
*/
Certificate[][] getCertificateChains(String name) {
    // The stored arrays are returned as-is, with no defensive copy, so a
    // caller that mutates them changes what later lookups see.
    // NOTE(review): presumably yields null for an entry that was never
    // recorded in verifiedEntries; confirm against the map type.
    final Certificate[][] chains = verifiedEntries.get(name);
    return chains;
}
/**
* Remove all entries from the internal collection of data held about each
* JAR entry in the {@code META-INF} directory.
*/
void removeMetaEntries() {
    // Empties the collection in place; the field itself is not reassigned.
    // readCertificates() returns false when this collection is empty.
    this.metaEntries.clear();
}
}