+import sun.misc.BASE64Encoder;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import java.util.jar.Attributes;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.jar.JarOutputStream;
+import java.util.jar.Manifest;
+import javax.crypto.Cipher;
+import javax.crypto.EncryptedPrivateKeyInfo;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+ * Command line tool to sign JAR files (including APKs and OTA updates) in
+ * a way compatible with the mincrypt verifier, using SHA1 and RSA keys.
+ */
+class SignApk {
+ private static final String CERT_SF_NAME = "META-INF/CERT.SF";
+ private static final String CERT_RSA_NAME = "META-INF/CERT.RSA";
+ private static X509Certificate readPublicKey(File file)
+ throws IOException, GeneralSecurityException {
+ FileInputStream input = new FileInputStream(file);
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ return (X509Certificate) cf.generateCertificate(input);
+ } finally {
+ input.close();
+ }
+ }
+ /**
+ * Reads the password from stdin and returns it as a string.
+ *
+ * @param keyFile The file containing the private key. Used to prompt the user.
+ */
+ private static String readPassword(File keyFile) {
+ // TODO: use Console.readPassword() when it's available.
+ System.out.print("Enter password for " + keyFile + " (password will not be hidden): ");
+ System.out.flush();
+ BufferedReader stdin = new BufferedReader(new InputStreamReader(;
+ try {
+ return stdin.readLine();
+ } catch (IOException ex) {
+ return null;
+ }
+ }
+ /**
+ * Decrypt an encrypted PKCS 8 format private key.
+ *
+ * Based on ghstark's post on Aug 6, 2006 at
+ *
+ *
+ * @param encryptedPrivateKey The raw data of the private key
+ * @param keyFile The file containing the private key
+ */
+ private static KeySpec decryptPrivateKey(byte[] encryptedPrivateKey, File keyFile)
+ throws GeneralSecurityException {
+ EncryptedPrivateKeyInfo epkInfo;
+ try {
+ epkInfo = new EncryptedPrivateKeyInfo(encryptedPrivateKey);
+ } catch (IOException ex) {
+ // Probably not an encrypted key.
+ return null;
+ }
+ char[] password = readPassword(keyFile).toCharArray();
+ SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName());
+ Key key = skFactory.generateSecret(new PBEKeySpec(password));
+ Cipher cipher = Cipher.getInstance(epkInfo.getAlgName());
+ cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters());
+ try {
+ return epkInfo.getKeySpec(cipher);
+ } catch (InvalidKeySpecException ex) {
+ System.err.println("signapk: Password for " + keyFile + " may be bad.");
+ throw ex;
+ }
+ }
+ /** Read a PKCS 8 format private key. */
+ private static PrivateKey readPrivateKey(File file)
+ throws IOException, GeneralSecurityException {
+ DataInputStream input = new DataInputStream(new FileInputStream(file));
+ try {
+ byte[] bytes = new byte[(int) file.length()];
+ KeySpec spec = decryptPrivateKey(bytes, file);
+ if (spec == null) {
+ spec = new PKCS8EncodedKeySpec(bytes);
+ }
+ try {
+ return KeyFactory.getInstance("RSA").generatePrivate(spec);
+ } catch (InvalidKeySpecException ex) {
+ return KeyFactory.getInstance("DSA").generatePrivate(spec);
+ }
+ } finally {
+ input.close();
+ }
+ }
+ /** Add the SHA1 of every file to the manifest, creating it if necessary. */
+ private static Manifest addDigestsToManifest(JarFile jar)
+ throws IOException, GeneralSecurityException {
+ Manifest input = jar.getManifest();
+ Manifest output = new Manifest();
+ Attributes main = output.getMainAttributes();
+ if (input != null) {
+ main.putAll(input.getMainAttributes());
+ } else {
+ main.putValue("Manifest-Version", "1.0");
+ main.putValue("Created-By", "1.0 (Android SignApk)");
+ }
+ BASE64Encoder base64 = new BASE64Encoder();
+ MessageDigest md = MessageDigest.getInstance("SHA1");
+ byte[] buffer = new byte[4096];
+ int num;
+ // We sort the input entries by name, and add them to the
+ // output manifest in sorted order. We expect that the output
+ // map will be deterministic.
+ TreeMap<String, JarEntry> byName = new TreeMap<String, JarEntry>();
+ for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) {
+ JarEntry entry = e.nextElement();
+ byName.put(entry.getName(), entry);
+ }
+ for (JarEntry entry: byName.values()) {
+ String name = entry.getName();
+ if (!entry.isDirectory() && !name.equals(JarFile.MANIFEST_NAME) &&
+ !name.equals(CERT_SF_NAME) && !name.equals(CERT_RSA_NAME)) {
+ InputStream data = jar.getInputStream(entry);
+ while ((num = > 0) {
+ md.update(buffer, 0, num);
+ }
+ Attributes attr = null;
+ if (input != null) attr = input.getAttributes(name);
+ attr = attr != null ? new Attributes(attr) : new Attributes();
+ attr.putValue("SHA1-Digest", base64.encode(md.digest()));
+ output.getEntries().put(name, attr);
+ }
+ }
+ return output;
+ }
+ /** Write to another stream and also feed it to the Signature object. */
+ private static class SignatureOutputStream extends FilterOutputStream {
+ private Signature mSignature;
+ public SignatureOutputStream(OutputStream out, Signature sig) {
+ super(out);
+ mSignature = sig;
+ }
+ @Override
+ public void write(int b) throws IOException {
+ try {
+ mSignature.update((byte) b);
+ } catch (SignatureException e) {
+ throw new IOException("SignatureException: " + e);
+ }
+ super.write(b);
+ }
+ @Override
+ public void write(byte[] b, int off, int len) throws IOException {
+ try {
+ mSignature.update(b, off, len);
+ } catch (SignatureException e) {
+ throw new IOException("SignatureException: " + e);
+ }
+ super.write(b, off, len);
+ }
+ }
+ /** Write a .SF file with a digest the specified manifest. */
+ private static void writeSignatureFile(Manifest manifest, OutputStream out)
+ throws IOException, GeneralSecurityException {
+ Manifest sf = new Manifest();
+ Attributes main = sf.getMainAttributes();
+ main.putValue("Signature-Version", "1.0");
+ main.putValue("Created-By", "1.0 (Android SignApk)");
+ BASE64Encoder base64 = new BASE64Encoder();
+ MessageDigest md = MessageDigest.getInstance("SHA1");
+ PrintStream print = new PrintStream(
+ new DigestOutputStream(new ByteArrayOutputStream(), md),
+ true, "UTF-8");
+ // Digest of the entire manifest
+ manifest.write(print);
+ print.flush();
+ main.putValue("SHA1-Digest-Manifest", base64.encode(md.digest()));
+ Map<String, Attributes> entries = manifest.getEntries();
+ for (Map.Entry<String, Attributes> entry : entries.entrySet()) {
+ // Digest of the manifest stanza for this entry.
+ print.print("Name: " + entry.getKey() + "\r\n");
+ for (Map.Entry<Object, Object> att : entry.getValue().entrySet()) {
+ print.print(att.getKey() + ": " + att.getValue() + "\r\n");
+ }
+ print.print("\r\n");
+ print.flush();
+ Attributes sfAttr = new Attributes();
+ sfAttr.putValue("SHA1-Digest", base64.encode(md.digest()));
+ sf.getEntries().put(entry.getKey(), sfAttr);
+ }
+ sf.write(out);
+ }
+ /** Write a .RSA file with a digital signature. */
+ private static void writeSignatureBlock(
+ Signature signature, X509Certificate publicKey, OutputStream out)
+ throws IOException, GeneralSecurityException {
+ SignerInfo signerInfo = new SignerInfo(
+ new X500Name(publicKey.getIssuerX500Principal().getName()),
+ publicKey.getSerialNumber(),
+ AlgorithmId.get("SHA1"),
+ AlgorithmId.get("RSA"),
+ signature.sign());
+ PKCS7 pkcs7 = new PKCS7(
+ new AlgorithmId[] { AlgorithmId.get("SHA1") },
+ new ContentInfo(ContentInfo.DATA_OID, null),
+ new X509Certificate[] { publicKey },
+ new SignerInfo[] { signerInfo });
+ pkcs7.encodeSignedData(out);
+ }
+ /** Copy all the files in a manifest from input to output. */
+ private static void copyFiles(Manifest manifest,
+ JarFile in, JarOutputStream out) throws IOException {
+ byte[] buffer = new byte[4096];
+ int num;
+ Map<String, Attributes> entries = manifest.getEntries();
+ List<String> names = new ArrayList(entries.keySet());
+ Collections.sort(names);
+ for (String name : names) {
+ JarEntry inEntry = in.getJarEntry(name);
+ if (inEntry.getMethod() == JarEntry.STORED) {
+ // Preserve the STORED method of the input entry.
+ out.putNextEntry(new JarEntry(inEntry));
+ } else {
+ // Create a new entry so that the compressed len is recomputed.
+ JarEntry je = new JarEntry(name);
+ je.setTime(inEntry.getTime());
+ out.putNextEntry(je);
+ }
+ InputStream data = in.getInputStream(inEntry);
+ while ((num = > 0) {
+ out.write(buffer, 0, num);
+ }
+ out.flush();
+ }
+ }
+ public static void main(String[] args) {
+ if (args.length != 4) {
+ System.err.println("Usage: signapk " +
+ "publickey.x509[.pem] privatekey.pk8 " +
+ "input.jar output.jar");
+ System.exit(2);
+ }
+ JarFile inputJar = null;
+ JarOutputStream outputJar = null;
+ try {
+ X509Certificate publicKey = readPublicKey(new File(args[0]));
+ // Assume the certificate is valid for at least an hour.
+ long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
+ PrivateKey privateKey = readPrivateKey(new File(args[1]));
+ inputJar = new JarFile(new File(args[2]), false); // Don't verify.
+ outputJar = new JarOutputStream(new FileOutputStream(args[3]));
+ outputJar.setLevel(9);
+ JarEntry je;
+ Manifest manifest = addDigestsToManifest(inputJar);
+ je = new JarEntry(JarFile.MANIFEST_NAME);
+ je.setTime(timestamp);
+ outputJar.putNextEntry(je);
+ manifest.write(outputJar);
+ // CERT.SF
+ Signature signature = Signature.getInstance("SHA1withRSA");
+ signature.initSign(privateKey);
+ je = new JarEntry(CERT_SF_NAME);
+ je.setTime(timestamp);
+ outputJar.putNextEntry(je);
+ writeSignatureFile(manifest,
+ new SignatureOutputStream(outputJar, signature));
+ je = new JarEntry(CERT_RSA_NAME);
+ je.setTime(timestamp);
+ outputJar.putNextEntry(je);
+ writeSignatureBlock(signature, publicKey, outputJar);
+ // Everything else
+ copyFiles(manifest, inputJar, outputJar);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ } finally {
+ try {
+ if (inputJar != null) inputJar.close();
+ if (outputJar != null) outputJar.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+ }
+ }