fastbootd/other/sign/src/SignImg.java - third_party/android/platform/system/core - Git at Google

 package signtool;

 import java.io.*;
 import java.util.Properties;
 import java.util.ArrayList;

 import javax.mail.internet.*;
 import javax.mail.MessagingException;
 import javax.mail.Session;
 import javax.activation.MailcapCommandMap;
 import javax.activation.CommandMap;

 import java.security.PrivateKey;
 import java.security.Security;
 import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateEncodingException;

 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.cms.CMSProcessableByteArray;
 import org.bouncycastle.cms.CMSSignedGenerator;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.cms.CMSSignedGenerator;
 import org.bouncycastle.cms.CMSProcessable;
 import org.bouncycastle.cms.CMSSignedData;
 import org.bouncycastle.cms.CMSTypedData;
 import org.bouncycastle.cert.jcajce.JcaCertStore;
 import org.bouncycastle.util.Store;
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.ASN1Object;


 public class SignImg {

     /* It reads private key in pkcs#8 formate
      * Conversion:
      * openssl pkcs8 -topk8 -nocrypt -outform DER < inkey.pem > outkey.pk8
      */
     private static PrivateKey getPrivateKey(String path) throws IOException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException {
         File file = new File(path);
         FileInputStream fis = new FileInputStream(file);
         byte[] data = new byte[(int)file.length()];
         fis.read(data);
         fis.close();

         PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(data);
         KeyFactory kf = KeyFactory.getInstance("RSA");
         PrivateKey privateKey = kf.generatePrivate(kspec);

         return privateKey;
     }

     private static MimeBodyPart getContent(String path) throws IOException, FileNotFoundException, MessagingException {
         MimeBodyPart body = new MimeBodyPart();

         File file = new File(path);
         FileInputStream fis = new FileInputStream(file);
         byte[] data = new byte[(int)file.length()];
         fis.read(data);
         fis.close();

         body.setContent(data, "application/octet-stream");

         return body;
     }

     private static CMSProcessableByteArray getCMSContent(String path) throws IOException, FileNotFoundException, MessagingException {
         File file = new File(path);
         FileInputStream fis = new FileInputStream(file);
         byte[] data = new byte[(int)file.length()];
         fis.read(data);
         fis.close();
         CMSProcessableByteArray cms = new CMSProcessableByteArray(data);

         return cms;
     }

     private static X509Certificate readCert(String path) throws IOException, FileNotFoundException, CertificateException {
         File file = new File(path);
         FileInputStream is = new FileInputStream(file);

         CertificateFactory cf = CertificateFactory.getInstance("X.509");
         Certificate cert = cf.generateCertificate(is);
         is.close();

         return (X509Certificate) cert;
     }

     private static void save(MimeBodyPart content, String path) throws IOException, FileNotFoundException, MessagingException {
         File file = new File(path);
         FileOutputStream os = new FileOutputStream(file);

         content.writeTo(os);

         os.close();
     }

     private static Store certToStore(X509Certificate certificate) throws CertificateEncodingException {
         ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
         certList.add(certificate);
         return new JcaCertStore(certList);
     }

     public static void setDefaultMailcap()
     {
         MailcapCommandMap _mailcap =
             (MailcapCommandMap)CommandMap.getDefaultCommandMap();

         _mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
         _mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
         _mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
         _mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
         _mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");

         CommandMap.setDefaultCommandMap(_mailcap);
     }

     public static void main(String[] args) {
         try {
             if (args.length < 4) {
                 System.out.println("Usage: signimg data private_key certificate output");
                 return;
             }
             System.out.println("Signing the image");
             setDefaultMailcap();

             Security.addProvider(new BouncyCastleProvider());

             PrivateKey key = getPrivateKey(args[1]);
             System.out.println("File read sucessfully");

             CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

             CMSTypedData body = getCMSContent(args[0]);
             System.out.println("Content read sucessfully");

             X509Certificate cert = (X509Certificate) readCert(args[2]);
             System.out.println("Certificate read sucessfully");

             ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);

             Store certs = certToStore(cert);

             generator.addCertificates(certs);
             generator.addSignerInfoGenerator(
                           new JcaSignerInfoGeneratorBuilder(
                                 new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                           .build(sha256Signer, cert));

             CMSSignedData signed = generator.generate(body, true);
             System.out.println("Signed");

             Properties props = System.getProperties();
             Session session = Session.getDefaultInstance(props, null);

             File file = new File(args[3]);
             FileOutputStream os = new FileOutputStream(file);

             ASN1InputStream asn1 = new ASN1InputStream(signed.getEncoded());
             ByteArrayOutputStream out = new ByteArrayOutputStream();
             DEROutputStream dOut = new DEROutputStream(os);
             dOut.writeObject(ASN1Object.fromByteArray(signed.getEncoded()));

         }
         catch (Exception ex) {
             System.out.println("Exception during programm execution: " + ex.getMessage());
         }
     }
 }
	package signtool;

	import java.io.*;
	import java.util.Properties;
	import java.util.ArrayList;

	import javax.mail.internet.*;
	import javax.mail.MessagingException;
	import javax.mail.Session;
	import javax.activation.MailcapCommandMap;
	import javax.activation.CommandMap;

	import java.security.PrivateKey;
	import java.security.Security;
	import java.security.KeyFactory;
	import java.security.KeyStore;
	import java.security.NoSuchAlgorithmException;
	import java.security.spec.PKCS8EncodedKeySpec;
	import java.security.spec.InvalidKeySpecException;
	import java.security.cert.X509Certificate;
	import java.security.cert.CertificateFactory;
	import java.security.cert.Certificate;
	import java.security.cert.CertificateException;
	import java.security.cert.CertificateEncodingException;

	import org.bouncycastle.jce.provider.BouncyCastleProvider;
	import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
	import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
	import org.bouncycastle.operator.ContentSigner;
	import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
	import org.bouncycastle.cms.CMSProcessableByteArray;
	import org.bouncycastle.cms.CMSSignedGenerator;
	import org.bouncycastle.cms.CMSSignedDataGenerator;
	import org.bouncycastle.cms.CMSSignedGenerator;
	import org.bouncycastle.cms.CMSProcessable;
	import org.bouncycastle.cms.CMSSignedData;
	import org.bouncycastle.cms.CMSTypedData;
	import org.bouncycastle.cert.jcajce.JcaCertStore;
	import org.bouncycastle.util.Store;
	import org.bouncycastle.asn1.ASN1InputStream;
	import org.bouncycastle.asn1.DEROutputStream;
	import org.bouncycastle.asn1.ASN1Object;


	public class SignImg {

	/* It reads private key in pkcs#8 formate
	* Conversion:
	* openssl pkcs8 -topk8 -nocrypt -outform DER < inkey.pem > outkey.pk8
	*/
	private static PrivateKey getPrivateKey(String path) throws IOException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException {
	File file = new File(path);
	FileInputStream fis = new FileInputStream(file);
	byte[] data = new byte[(int)file.length()];
	fis.read(data);
	fis.close();

	PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(data);
	KeyFactory kf = KeyFactory.getInstance("RSA");
	PrivateKey privateKey = kf.generatePrivate(kspec);

	return privateKey;
	}

	private static MimeBodyPart getContent(String path) throws IOException, FileNotFoundException, MessagingException {
	MimeBodyPart body = new MimeBodyPart();

	File file = new File(path);
	FileInputStream fis = new FileInputStream(file);
	byte[] data = new byte[(int)file.length()];
	fis.read(data);
	fis.close();

	body.setContent(data, "application/octet-stream");

	return body;
	}

	private static CMSProcessableByteArray getCMSContent(String path) throws IOException, FileNotFoundException, MessagingException {
	File file = new File(path);
	FileInputStream fis = new FileInputStream(file);
	byte[] data = new byte[(int)file.length()];
	fis.read(data);
	fis.close();
	CMSProcessableByteArray cms = new CMSProcessableByteArray(data);

	return cms;
	}

	private static X509Certificate readCert(String path) throws IOException, FileNotFoundException, CertificateException {
	File file = new File(path);
	FileInputStream is = new FileInputStream(file);

	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	Certificate cert = cf.generateCertificate(is);
	is.close();

	return (X509Certificate) cert;
	}

	private static void save(MimeBodyPart content, String path) throws IOException, FileNotFoundException, MessagingException {
	File file = new File(path);
	FileOutputStream os = new FileOutputStream(file);

	content.writeTo(os);

	os.close();
	}

	private static Store certToStore(X509Certificate certificate) throws CertificateEncodingException {
	ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
	certList.add(certificate);
	return new JcaCertStore(certList);
	}

	public static void setDefaultMailcap()
	{
	MailcapCommandMap _mailcap =
	(MailcapCommandMap)CommandMap.getDefaultCommandMap();

	_mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
	_mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
	_mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
	_mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
	_mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");

	CommandMap.setDefaultCommandMap(_mailcap);
	}

	public static void main(String[] args) {
	try {
	if (args.length < 4) {
	System.out.println("Usage: signimg data private_key certificate output");
	return;
	}
	System.out.println("Signing the image");
	setDefaultMailcap();

	Security.addProvider(new BouncyCastleProvider());

	PrivateKey key = getPrivateKey(args[1]);
	System.out.println("File read sucessfully");

	CMSSignedDataGenerator generator = new CMSSignedDataGenerator();

	CMSTypedData body = getCMSContent(args[0]);
	System.out.println("Content read sucessfully");

	X509Certificate cert = (X509Certificate) readCert(args[2]);
	System.out.println("Certificate read sucessfully");

	ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);

	Store certs = certToStore(cert);

	generator.addCertificates(certs);
	generator.addSignerInfoGenerator(
	new JcaSignerInfoGeneratorBuilder(
	new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
	.build(sha256Signer, cert));

	CMSSignedData signed = generator.generate(body, true);
	System.out.println("Signed");

	Properties props = System.getProperties();
	Session session = Session.getDefaultInstance(props, null);

	File file = new File(args[3]);
	FileOutputStream os = new FileOutputStream(file);

	ASN1InputStream asn1 = new ASN1InputStream(signed.getEncoded());
	ByteArrayOutputStream out = new ByteArrayOutputStream();
	DEROutputStream dOut = new DEROutputStream(os);
	dOut.writeObject(ASN1Object.fromByteArray(signed.getEncoded()));

	}
	catch (Exception ex) {
	System.out.println("Exception during programm execution: " + ex.getMessage());
	}
	}
	}