diff options
Diffstat (limited to 'core/java/android/os/RecoverySystem.java')
| -rw-r--r-- | core/java/android/os/RecoverySystem.java | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/core/java/android/os/RecoverySystem.java b/core/java/android/os/RecoverySystem.java index 480fe7d..85438a1 100644 --- a/core/java/android/os/RecoverySystem.java +++ b/core/java/android/os/RecoverySystem.java @@ -32,10 +32,8 @@ import java.security.GeneralSecurityException; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; -import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; -import java.util.Collection; import java.util.Enumeration; import java.util.HashSet; import java.util.Iterator; @@ -48,7 +46,7 @@ import org.apache.harmony.security.asn1.BerInputStream; import org.apache.harmony.security.pkcs7.ContentInfo; import org.apache.harmony.security.pkcs7.SignedData; import org.apache.harmony.security.pkcs7.SignerInfo; -import org.apache.harmony.security.provider.cert.X509CertImpl; +import org.apache.harmony.security.x509.Certificate; /** * RecoverySystem contains methods for interacting with the Android @@ -93,9 +91,9 @@ public class RecoverySystem { } /** @return the set of certs that can be used to sign an OTA package. */ - private static HashSet<Certificate> getTrustedCerts(File keystore) + private static HashSet<X509Certificate> getTrustedCerts(File keystore) throws IOException, GeneralSecurityException { - HashSet<Certificate> trusted = new HashSet<Certificate>(); + HashSet<X509Certificate> trusted = new HashSet<X509Certificate>(); if (keystore == null) { keystore = DEFAULT_KEYSTORE; } @@ -107,7 +105,7 @@ public class RecoverySystem { ZipEntry entry = entries.nextElement(); InputStream is = zip.getInputStream(entry); try { - trusted.add(cf.generateCertificate(is)); + trusted.add((X509Certificate) cf.generateCertificate(is)); } finally { is.close(); } @@ -201,21 +199,23 @@ public class RecoverySystem { if (signedData == null) { throw new IOException("signedData is null"); } - Collection encCerts = signedData.getCertificates(); + List<Certificate> encCerts = signedData.getCertificates(); if (encCerts.isEmpty()) { throw new IOException("encCerts is empty"); } // Take the first certificate from the signature (packages // should contain only one). - Iterator it = encCerts.iterator(); + Iterator<Certificate> it = encCerts.iterator(); X509Certificate cert = null; if (it.hasNext()) { - cert = new X509CertImpl((org.apache.harmony.security.x509.Certificate)it.next()); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + InputStream is = new ByteArrayInputStream(it.next().getEncoded()); + cert = (X509Certificate) cf.generateCertificate(is); } else { throw new SignatureException("signature contains no certificates"); } - List sigInfos = signedData.getSignerInfos(); + List<SignerInfo> sigInfos = signedData.getSignerInfos(); SignerInfo sigInfo; if (!sigInfos.isEmpty()) { sigInfo = (SignerInfo)sigInfos.get(0); @@ -226,12 +226,12 @@ public class RecoverySystem { // Check that the public key of the certificate contained // in the package equals one of our trusted public keys. - HashSet<Certificate> trusted = getTrustedCerts( + HashSet<X509Certificate> trusted = getTrustedCerts( deviceCertsZipFile == null ? DEFAULT_KEYSTORE : deviceCertsZipFile); PublicKey signatureKey = cert.getPublicKey(); boolean verified = false; - for (Certificate c : trusted) { + for (X509Certificate c : trusted) { if (c.getPublicKey().equals(signatureKey)) { verified = true; break; |