import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
-import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.harmony.security.pkcs7.ContentInfo;
import org.apache.harmony.security.pkcs7.SignedData;
import org.apache.harmony.security.pkcs7.SignerInfo;
-import org.apache.harmony.security.provider.cert.X509CertImpl;
+import org.apache.harmony.security.x509.Certificate;
/**
* RecoverySystem contains methods for interacting with the Android
}
/** @return the set of certs that can be used to sign an OTA package. */
- private static HashSet<Certificate> getTrustedCerts(File keystore)
+ private static HashSet<X509Certificate> getTrustedCerts(File keystore)
throws IOException, GeneralSecurityException {
- HashSet<Certificate> trusted = new HashSet<Certificate>();
+ HashSet<X509Certificate> trusted = new HashSet<X509Certificate>();
if (keystore == null) {
keystore = DEFAULT_KEYSTORE;
}
ZipEntry entry = entries.nextElement();
InputStream is = zip.getInputStream(entry);
try {
- trusted.add(cf.generateCertificate(is));
+ trusted.add((X509Certificate) cf.generateCertificate(is));
} finally {
is.close();
}
if (signedData == null) {
throw new IOException("signedData is null");
}
- Collection encCerts = signedData.getCertificates();
+ List<Certificate> encCerts = signedData.getCertificates();
if (encCerts.isEmpty()) {
throw new IOException("encCerts is empty");
}
// Take the first certificate from the signature (packages
// should contain only one).
- Iterator it = encCerts.iterator();
+ Iterator<Certificate> it = encCerts.iterator();
X509Certificate cert = null;
if (it.hasNext()) {
- cert = new X509CertImpl((org.apache.harmony.security.x509.Certificate)it.next());
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ InputStream is = new ByteArrayInputStream(it.next().getEncoded());
+ cert = (X509Certificate) cf.generateCertificate(is);
} else {
throw new SignatureException("signature contains no certificates");
}
- List sigInfos = signedData.getSignerInfos();
+ List<SignerInfo> sigInfos = signedData.getSignerInfos();
SignerInfo sigInfo;
if (!sigInfos.isEmpty()) {
sigInfo = (SignerInfo)sigInfos.get(0);
// Check that the public key of the certificate contained
// in the package equals one of our trusted public keys.
- HashSet<Certificate> trusted = getTrustedCerts(
+ HashSet<X509Certificate> trusted = getTrustedCerts(
deviceCertsZipFile == null ? DEFAULT_KEYSTORE : deviceCertsZipFile);
PublicKey signatureKey = cert.getPublicKey();
boolean verified = false;
- for (Certificate c : trusted) {
+ for (X509Certificate c : trusted) {
if (c.getPublicKey().equals(signatureKey)) {
verified = true;
break;
OSDN Git Service
