aboutsummaryrefslogtreecommitdiffstats
path: root/jarutils/src
diff options
context:
space:
mode:
Diffstat (limited to 'jarutils/src')
-rw-r--r--jarutils/src/Android.mk14
-rw-r--r--jarutils/src/com/android/jarutils/DebugKeyProvider.java382
-rw-r--r--jarutils/src/com/android/jarutils/JavaResourceFilter.java95
-rw-r--r--jarutils/src/com/android/jarutils/SignedJarBuilder.java324
4 files changed, 815 insertions, 0 deletions
diff --git a/jarutils/src/Android.mk b/jarutils/src/Android.mk
new file mode 100644
index 0000000..2248b7f
--- /dev/null
+++ b/jarutils/src/Android.mk
@@ -0,0 +1,14 @@
+# Copyright 2008 The Android Open Source Project
+#
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := $(call all-subdir-java-files)
+
+LOCAL_JAVA_LIBRARIES := \
+ androidprefs
+
+LOCAL_MODULE := jarutils
+
+include $(BUILD_HOST_JAVA_LIBRARY)
+
diff --git a/jarutils/src/com/android/jarutils/DebugKeyProvider.java b/jarutils/src/com/android/jarutils/DebugKeyProvider.java
new file mode 100644
index 0000000..966f0b4
--- /dev/null
+++ b/jarutils/src/com/android/jarutils/DebugKeyProvider.java
@@ -0,0 +1,382 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.jarutils;
+
+import com.android.prefs.AndroidLocation;
+import com.android.prefs.AndroidLocation.AndroidLocationException;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableEntryException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+
+/**
+ * A provider of a dummy key to sign Android application for debugging purpose.
+ * <p/>This provider uses a custom keystore to create and store a key with a known password.
+ */
+public class DebugKeyProvider {
+
+ public interface IKeyGenOutput {
+ public void out(String message);
+ public void err(String message);
+ }
+
+ private static final String PASSWORD_STRING = "android";
+ private static final char[] PASSWORD_CHAR = PASSWORD_STRING.toCharArray();
+ private static final String DEBUG_ALIAS = "AndroidDebugKey";
+
+ // Certificate CN value. This is a hard-coded value for the debug key.
+ // Android Market checks against this value in order to refuse applications signed with
+ // debug keys.
+ private static final String CERTIFICATE_DESC = "CN=Android Debug,O=Android,C=US";
+
+ private KeyStore.PrivateKeyEntry mEntry;
+
+ public static class KeytoolException extends Exception {
+ /** default serial uid */
+ private static final long serialVersionUID = 1L;
+ private String mJavaHome = null;
+ private String mCommandLine = null;
+
+ KeytoolException(String message) {
+ super(message);
+ }
+
+ KeytoolException(String message, String javaHome, String commandLine) {
+ super(message);
+
+ mJavaHome = javaHome;
+ mCommandLine = commandLine;
+ }
+
+ public String getJavaHome() {
+ return mJavaHome;
+ }
+
+ public String getCommandLine() {
+ return mCommandLine;
+ }
+ }
+
+ /**
+ * Creates a provider using a keystore at the given location.
+ * <p/>The keystore, and a new random android debug key are created if they do not yet exist.
+ * <p/>Password for the store/key is <code>android</code>, and the key alias is
+ * <code>AndroidDebugKey</code>.
+ * @param osKeyStorePath the OS path to the keystore.
+ * @param storeType an optional keystore type, or <code>null</code> if the default is to
+ * be used.
+ * @param output an optional {@link IKeyGenOutput} object to get the stdout and stderr
+ * of the keytool process call.
+ * @throws KeytoolException If the creation of the debug key failed.
+ */
+ public DebugKeyProvider(String osKeyStorePath, String storeType, IKeyGenOutput output)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
+ UnrecoverableEntryException, IOException, KeytoolException {
+
+ if (loadKeyEntry(osKeyStorePath, storeType) == false) {
+ // create the store with they key
+ createNewStore(osKeyStorePath, storeType, output);
+ }
+ }
+
+ /**
+ * Creates a provider using the default keystore location.
+ * <p/>The keystore, and a new random android debug key are created if they do not yet exist.
+ * <p/>Password for the store/key is <code>android</code>, and the key alias is
+ * <code>AndroidDebugKey</code>.
+ * @param storeType an optional keystore type, or <code>null</code> if the default is to
+ * be used.
+ * @param output an optional {@link IKeyGenOutput} object to get the stdout and stderr
+ * of the keytool process call.
+ * @throws KeytoolException If the creation of the debug key failed.
+ * @throws AndroidLocationException If getting the location to store android files failed.
+ */
+ public DebugKeyProvider(String storeType, IKeyGenOutput output) throws KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException,
+ IOException, KeytoolException, AndroidLocationException {
+
+ String osKeyStorePath = getDefaultKeyStoreOsPath();
+ if (loadKeyEntry(osKeyStorePath, storeType) == false) {
+ // create the store with the key
+ createNewStore(osKeyStorePath, storeType, output);
+ }
+ }
+
+ /**
+ * Returns the OS path to the default debug keystore.
+ *
+ * @return The OS path to the default debug keystore.
+ * @throws KeytoolException
+ * @throws AndroidLocationException
+ */
+ public static String getDefaultKeyStoreOsPath()
+ throws KeytoolException, AndroidLocationException {
+ String folder = AndroidLocation.getFolder();
+ if (folder == null) {
+ throw new KeytoolException("Failed to get HOME directory!\n");
+ }
+ String osKeyStorePath = folder + "debug.keystore";
+
+ return osKeyStorePath;
+ }
+
+ /**
+ * Returns the debug {@link PrivateKey} to use to sign applications for debug purpose.
+ * @return the private key or <code>null</code> if its creation failed.
+ */
+ public PrivateKey getDebugKey() throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException, UnrecoverableEntryException {
+ if (mEntry != null) {
+ return mEntry.getPrivateKey();
+ }
+
+ return null;
+ }
+
+ /**
+ * Returns the debug {@link Certificate} to use to sign applications for debug purpose.
+ * @return the certificate or <code>null</code> if its creation failed.
+ */
+ public Certificate getCertificate() throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException, UnrecoverableEntryException {
+ if (mEntry != null) {
+ return mEntry.getCertificate();
+ }
+
+ return null;
+ }
+
+ /**
+ * Loads the debug key from the keystore.
+ * @param osKeyStorePath the OS path to the keystore.
+ * @param storeType an optional keystore type, or <code>null</code> if the default is to
+ * be used.
+ * @return <code>true</code> if success, <code>false</code> if the keystore does not exist.
+ */
+ private boolean loadKeyEntry(String osKeyStorePath, String storeType) throws KeyStoreException,
+ NoSuchAlgorithmException, CertificateException, IOException,
+ UnrecoverableEntryException {
+ try {
+ KeyStore keyStore = KeyStore.getInstance(
+ storeType != null ? storeType : KeyStore.getDefaultType());
+ FileInputStream fis = new FileInputStream(osKeyStorePath);
+ keyStore.load(fis, PASSWORD_CHAR);
+ fis.close();
+ mEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(
+ DEBUG_ALIAS, new KeyStore.PasswordProtection(PASSWORD_CHAR));
+ } catch (FileNotFoundException e) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Creates a new store
+ * @param osKeyStorePath the location of the store
+ * @param storeType an optional keystore type, or <code>null</code> if the default is to
+ * be used.
+ * @param output an optional {@link IKeyGenOutput} object to get the stdout and stderr
+ * of the keytool process call.
+ * @throws KeyStoreException
+ * @throws NoSuchAlgorithmException
+ * @throws CertificateException
+ * @throws UnrecoverableEntryException
+ * @throws IOException
+ * @throws KeytoolException
+ */
+ private void createNewStore(String osKeyStorePath, String storeType, IKeyGenOutput output)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
+ UnrecoverableEntryException, IOException, KeytoolException {
+
+ // get the executable name of keytool depending on the platform.
+ String os = System.getProperty("os.name");
+
+ String keytoolCommand;
+ if (os.startsWith("Windows")) {
+ keytoolCommand = "keytool.exe";
+ } else {
+ keytoolCommand = "keytool";
+ }
+
+ String javaHome = System.getProperty("java.home");
+
+ if (javaHome != null && javaHome.length() > 0) {
+ keytoolCommand = javaHome + File.separator + "bin" + File.separator + keytoolCommand;
+ }
+
+ // create the command line to call key tool to build the key with no user input.
+ ArrayList<String> commandList = new ArrayList<String>();
+ commandList.add(keytoolCommand);
+ commandList.add("-genkey");
+ commandList.add("-alias");
+ commandList.add(DEBUG_ALIAS);
+ commandList.add("-keyalg");
+ commandList.add("RSA");
+ commandList.add("-dname");
+ commandList.add(CERTIFICATE_DESC);
+ commandList.add("-validity");
+ commandList.add("365");
+ commandList.add("-keypass");
+ commandList.add(PASSWORD_STRING);
+ commandList.add("-keystore");
+ commandList.add(osKeyStorePath);
+ commandList.add("-storepass");
+ commandList.add(PASSWORD_STRING);
+ if (storeType != null) {
+ commandList.add("-storetype");
+ commandList.add(storeType);
+ }
+
+ String[] commandArray = commandList.toArray(new String[commandList.size()]);
+
+ // launch the command line process
+ int result = 0;
+ try {
+ result = grabProcessOutput(Runtime.getRuntime().exec(commandArray), output);
+ } catch (Exception e) {
+ // create the command line as one string
+ StringBuilder builder = new StringBuilder();
+ boolean firstArg = true;
+ for (String arg : commandArray) {
+ boolean hasSpace = arg.indexOf(' ') != -1;
+
+ if (firstArg == true) {
+ firstArg = false;
+ } else {
+ builder.append(' ');
+ }
+
+ if (hasSpace) {
+ builder.append('"');
+ }
+
+ builder.append(arg);
+
+ if (hasSpace) {
+ builder.append('"');
+ }
+ }
+
+ throw new KeytoolException("Failed to create debug key: " + e.getMessage(),
+ javaHome, builder.toString());
+ }
+
+ if (result != 0) {
+ return;
+ }
+ loadKeyEntry(osKeyStorePath, storeType);
+ }
+
+ /**
+ * Get the stderr/stdout outputs of a process and return when the process is done.
+ * Both <b>must</b> be read or the process will block on windows.
+ * @param process The process to get the ouput from
+ * @return the process return code.
+ * @throws InterruptedException
+ */
+ private int grabProcessOutput(final Process process, final IKeyGenOutput output) {
+ // read the lines as they come. if null is returned, it's
+ // because the process finished
+ Thread t1 = new Thread("") {
+ @Override
+ public void run() {
+ // create a buffer to read the stderr output
+ InputStreamReader is = new InputStreamReader(process.getErrorStream());
+ BufferedReader errReader = new BufferedReader(is);
+
+ try {
+ while (true) {
+ String line = errReader.readLine();
+ if (line != null) {
+ if (output != null) {
+ output.err(line);
+ } else {
+ System.err.println(line);
+ }
+ } else {
+ break;
+ }
+ }
+ } catch (IOException e) {
+ // do nothing.
+ }
+ }
+ };
+
+ Thread t2 = new Thread("") {
+ @Override
+ public void run() {
+ InputStreamReader is = new InputStreamReader(process.getInputStream());
+ BufferedReader outReader = new BufferedReader(is);
+
+ try {
+ while (true) {
+ String line = outReader.readLine();
+ if (line != null) {
+ if (output != null) {
+ output.out(line);
+ } else {
+ System.out.println(line);
+ }
+ } else {
+ break;
+ }
+ }
+ } catch (IOException e) {
+ // do nothing.
+ }
+ }
+ };
+
+ t1.start();
+ t2.start();
+
+ // it looks like on windows process#waitFor() can return
+ // before the thread have filled the arrays, so we wait for both threads and the
+ // process itself.
+ try {
+ t1.join();
+ } catch (InterruptedException e) {
+ }
+ try {
+ t2.join();
+ } catch (InterruptedException e) {
+ }
+
+ // get the return code from the process
+ try {
+ return process.waitFor();
+ } catch (InterruptedException e) {
+ // since we're waiting for the output thread above, we should never actually wait
+ // on the process to end, since it'll be done by the time we call waitFor()
+ return 0;
+ }
+ }
+}
diff --git a/jarutils/src/com/android/jarutils/JavaResourceFilter.java b/jarutils/src/com/android/jarutils/JavaResourceFilter.java
new file mode 100644
index 0000000..ca3dcc7
--- /dev/null
+++ b/jarutils/src/com/android/jarutils/JavaResourceFilter.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.jarutils;
+
+import com.android.jarutils.SignedJarBuilder.IZipEntryFilter;
+
+/**
+ * A basic implementation of {@link IZipEntryFilter} to filter out anything that is not a
+ * java resource.
+ */
+public class JavaResourceFilter implements IZipEntryFilter {
+
+ public boolean checkEntry(String name) {
+ // split the path into segments.
+ String[] segments = name.split("/");
+
+ // empty path? skip to next entry.
+ if (segments.length == 0) {
+ return false;
+ }
+
+ // Check each folders to make sure they should be included.
+ // Folders like CVS, .svn, etc.. should already have been excluded from the
+ // jar file, but we need to exclude some other folder (like /META-INF) so
+ // we check anyway.
+ for (int i = 0 ; i < segments.length - 1; i++) {
+ if (checkFolderForPackaging(segments[i]) == false) {
+ return false;
+ }
+ }
+
+ // get the file name from the path
+ String fileName = segments[segments.length-1];
+
+ return checkFileForPackaging(fileName);
+ }
+
+ /**
+ * Checks whether a folder and its content is valid for packaging into the .apk as
+ * standard Java resource.
+ * @param folderName the name of the folder.
+ */
+ public static boolean checkFolderForPackaging(String folderName) {
+ return folderName.equals("CVS") == false &&
+ folderName.equals(".svn") == false &&
+ folderName.equals("SCCS") == false &&
+ folderName.equals("META-INF") == false &&
+ folderName.startsWith("_") == false;
+ }
+
+ /**
+ * Checks a file to make sure it should be packaged as standard resources.
+ * @param fileName the name of the file (including extension)
+ * @return true if the file should be packaged as standard java resources.
+ */
+ public static boolean checkFileForPackaging(String fileName) {
+ String[] fileSegments = fileName.split("\\.");
+ String fileExt = "";
+ if (fileSegments.length > 1) {
+ fileExt = fileSegments[fileSegments.length-1];
+ }
+
+ return checkFileForPackaging(fileName, fileExt);
+ }
+
+ /**
+ * Checks a file to make sure it should be packaged as standard resources.
+ * @param fileName the name of the file (including extension)
+ * @param extension the extension of the file (excluding '.')
+ * @return true if the file should be packaged as standard java resources.
+ */
+ public static boolean checkFileForPackaging(String fileName, String extension) {
+ return "aidl".equalsIgnoreCase(extension) == false &&
+ "java".equalsIgnoreCase(extension) == false &&
+ "class".equalsIgnoreCase(extension) == false &&
+ "package.html".equalsIgnoreCase(fileName) == false &&
+ "overview.html".equalsIgnoreCase(fileName) == false &&
+ ".cvsignore".equalsIgnoreCase(fileName) == false &&
+ ".DS_Store".equals(fileName) == false;
+ }
+}
diff --git a/jarutils/src/com/android/jarutils/SignedJarBuilder.java b/jarutils/src/com/android/jarutils/SignedJarBuilder.java
new file mode 100644
index 0000000..335ab7d
--- /dev/null
+++ b/jarutils/src/com/android/jarutils/SignedJarBuilder.java
@@ -0,0 +1,324 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.jarutils;
+
+import sun.misc.BASE64Encoder;
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import sun.security.pkcs.SignerInfo;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X500Name;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.security.DigestOutputStream;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+import java.util.jar.Attributes;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.jar.JarOutputStream;
+import java.util.jar.Manifest;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipInputStream;
+
+/**
+ * A Jar file builder with signature support.
+ */
+public class SignedJarBuilder {
+ private static final String DIGEST_ALGORITHM = "SHA1";
+ private static final String DIGEST_ATTR = "SHA1-Digest";
+ private static final String DIGEST_MANIFEST_ATTR = "SHA1-Digest-Manifest";
+
+ /** Write to another stream and also feed it to the Signature object. */
+ private static class SignatureOutputStream extends FilterOutputStream {
+ private Signature mSignature;
+
+ public SignatureOutputStream(OutputStream out, Signature sig) {
+ super(out);
+ mSignature = sig;
+ }
+
+ @Override
+ public void write(int b) throws IOException {
+ try {
+ mSignature.update((byte) b);
+ } catch (SignatureException e) {
+ throw new IOException("SignatureException: " + e);
+ }
+ super.write(b);
+ }
+
+ @Override
+ public void write(byte[] b, int off, int len) throws IOException {
+ try {
+ mSignature.update(b, off, len);
+ } catch (SignatureException e) {
+ throw new IOException("SignatureException: " + e);
+ }
+ super.write(b, off, len);
+ }
+ }
+
+ private JarOutputStream mOutputJar;
+ private PrivateKey mKey;
+ private X509Certificate mCertificate;
+ private Manifest mManifest;
+ private BASE64Encoder mBase64Encoder;
+ private MessageDigest mMessageDigest;
+
+ private byte[] mBuffer = new byte[4096];
+
+ /**
+ * Classes which implement this interface provides a method to check whether a file should
+ * be added to a Jar file.
+ */
+ public interface IZipEntryFilter {
+ /**
+ * Checks a file for inclusion in a Jar archive.
+ * @param name the archive file path of the entry
+ * @return <code>true</code> if the file should be included.
+ */
+ public boolean checkEntry(String name);
+ }
+
+ /**
+ * Creates a {@link SignedJarBuilder} with a given output stream, and signing information.
+ * <p/>If either <code>key</code> or <code>certificate</code> is <code>null</code> then
+ * the archive will not be signed.
+ * @param out the {@link OutputStream} where to write the Jar archive.
+ * @param key the {@link PrivateKey} used to sign the archive, or <code>null</code>.
+ * @param certificate the {@link X509Certificate} used to sign the archive, or
+ * <code>null</code>.
+ * @throws IOException
+ * @throws NoSuchAlgorithmException
+ */
+ public SignedJarBuilder(OutputStream out, PrivateKey key, X509Certificate certificate)
+ throws IOException, NoSuchAlgorithmException {
+ mOutputJar = new JarOutputStream(out);
+ mOutputJar.setLevel(9);
+ mKey = key;
+ mCertificate = certificate;
+
+ if (mKey != null && mCertificate != null) {
+ mManifest = new Manifest();
+ Attributes main = mManifest.getMainAttributes();
+ main.putValue("Manifest-Version", "1.0");
+ main.putValue("Created-By", "1.0 (Android)");
+
+ mBase64Encoder = new BASE64Encoder();
+ mMessageDigest = MessageDigest.getInstance(DIGEST_ALGORITHM);
+ }
+ }
+
+ /**
+ * Writes a new {@link File} into the archive.
+ * @param inputFile the {@link File} to write.
+ * @param jarPath the filepath inside the archive.
+ * @throws IOException
+ */
+ public void writeFile(File inputFile, String jarPath) throws IOException {
+ // Get an input stream on the file.
+ FileInputStream fis = new FileInputStream(inputFile);
+ try {
+
+ // create the zip entry
+ JarEntry entry = new JarEntry(jarPath);
+ entry.setTime(inputFile.lastModified());
+
+ writeEntry(fis, entry);
+ } finally {
+ // close the file stream used to read the file
+ fis.close();
+ }
+ }
+
+ /**
+ * Copies the content of a Jar/Zip archive into the receiver archive.
+ * <p/>An optional {@link IZipEntryFilter} allows to selectively choose which files
+ * to copy over.
+ * @param input the {@link InputStream} for the Jar/Zip to copy.
+ * @param filter the filter or <code>null</code>
+ * @throws IOException
+ */
+ public void writeZip(InputStream input, IZipEntryFilter filter) throws IOException {
+ ZipInputStream zis = new ZipInputStream(input);
+
+ try {
+ // loop on the entries of the intermediary package and put them in the final package.
+ ZipEntry entry;
+ while ((entry = zis.getNextEntry()) != null) {
+ String name = entry.getName();
+
+ // do not take directories or anything inside a potential META-INF folder.
+ if (entry.isDirectory() || name.startsWith("META-INF/")) {
+ continue;
+ }
+
+ // if we have a filter, we check the entry against it
+ if (filter != null && filter.checkEntry(name) == false) {
+ continue;
+ }
+
+ JarEntry newEntry;
+
+ // Preserve the STORED method of the input entry.
+ if (entry.getMethod() == JarEntry.STORED) {
+ newEntry = new JarEntry(entry);
+ } else {
+ // Create a new entry so that the compressed len is recomputed.
+ newEntry = new JarEntry(name);
+ }
+
+ writeEntry(zis, newEntry);
+
+ zis.closeEntry();
+ }
+ } finally {
+ zis.close();
+ }
+ }
+
+ /**
+ * Closes the Jar archive by creating the manifest, and signing the archive.
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ public void close() throws IOException, GeneralSecurityException {
+ if (mManifest != null) {
+ // write the manifest to the jar file
+ mOutputJar.putNextEntry(new JarEntry(JarFile.MANIFEST_NAME));
+ mManifest.write(mOutputJar);
+
+ // CERT.SF
+ Signature signature = Signature.getInstance("SHA1with" + mKey.getAlgorithm());
+ signature.initSign(mKey);
+ mOutputJar.putNextEntry(new JarEntry("META-INF/CERT.SF"));
+ writeSignatureFile(new SignatureOutputStream(mOutputJar, signature));
+
+ // CERT.*
+ mOutputJar.putNextEntry(new JarEntry("META-INF/CERT." + mKey.getAlgorithm()));
+ writeSignatureBlock(signature, mCertificate, mKey);
+ }
+
+ mOutputJar.close();
+ }
+
+ /**
+ * Adds an entry to the output jar, and write its content from the {@link InputStream}
+ * @param input The input stream from where to write the entry content.
+ * @param entry the entry to write in the jar.
+ * @throws IOException
+ */
+ private void writeEntry(InputStream input, JarEntry entry) throws IOException {
+ // add the entry to the jar archive
+ mOutputJar.putNextEntry(entry);
+
+ // read the content of the entry from the input stream, and write it into the archive.
+ int count;
+ while ((count = input.read(mBuffer)) != -1) {
+ mOutputJar.write(mBuffer, 0, count);
+
+ // update the digest
+ if (mMessageDigest != null) {
+ mMessageDigest.update(mBuffer, 0, count);
+ }
+ }
+
+ // close the entry for this file
+ mOutputJar.closeEntry();
+
+ if (mManifest != null) {
+ // update the manifest for this entry.
+ Attributes attr = mManifest.getAttributes(entry.getName());
+ if (attr == null) {
+ attr = new Attributes();
+ mManifest.getEntries().put(entry.getName(), attr);
+ }
+ attr.putValue(DIGEST_ATTR, mBase64Encoder.encode(mMessageDigest.digest()));
+ }
+ }
+
+ /** Writes a .SF file with a digest to the manifest. */
+ private void writeSignatureFile(OutputStream out)
+ throws IOException, GeneralSecurityException {
+ Manifest sf = new Manifest();
+ Attributes main = sf.getMainAttributes();
+ main.putValue("Signature-Version", "1.0");
+ main.putValue("Created-By", "1.0 (Android)");
+
+ BASE64Encoder base64 = new BASE64Encoder();
+ MessageDigest md = MessageDigest.getInstance(DIGEST_ALGORITHM);
+ PrintStream print = new PrintStream(
+ new DigestOutputStream(new ByteArrayOutputStream(), md),
+ true, "UTF-8");
+
+ // Digest of the entire manifest
+ mManifest.write(print);
+ print.flush();
+ main.putValue(DIGEST_MANIFEST_ATTR, base64.encode(md.digest()));
+
+ Map<String, Attributes> entries = mManifest.getEntries();
+ for (Map.Entry<String, Attributes> entry : entries.entrySet()) {
+ // Digest of the manifest stanza for this entry.
+ print.print("Name: " + entry.getKey() + "\r\n");
+ for (Map.Entry<Object, Object> att : entry.getValue().entrySet()) {
+ print.print(att.getKey() + ": " + att.getValue() + "\r\n");
+ }
+ print.print("\r\n");
+ print.flush();
+
+ Attributes sfAttr = new Attributes();
+ sfAttr.putValue(DIGEST_ATTR, base64.encode(md.digest()));
+ sf.getEntries().put(entry.getKey(), sfAttr);
+ }
+
+ sf.write(out);
+ }
+
+ /** Write the certificate file with a digital signature. */
+ private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
+ PrivateKey privateKey)
+ throws IOException, GeneralSecurityException {
+ SignerInfo signerInfo = new SignerInfo(
+ new X500Name(publicKey.getIssuerX500Principal().getName()),
+ publicKey.getSerialNumber(),
+ AlgorithmId.get(DIGEST_ALGORITHM),
+ AlgorithmId.get(privateKey.getAlgorithm()),
+ signature.sign());
+
+ PKCS7 pkcs7 = new PKCS7(
+ new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) },
+ new ContentInfo(ContentInfo.DATA_OID, null),
+ new X509Certificate[] { publicKey },
+ new SignerInfo[] { signerInfo });
+
+ pkcs7.encodeSignedData(mOutputJar);
+ }
+}