summaryrefslogtreecommitdiffstats
path: root/fastbootd/other/sign
diff options
context:
space:
mode:
Diffstat (limited to 'fastbootd/other/sign')
-rw-r--r--fastbootd/other/sign/src/SignImg.java181
1 files changed, 181 insertions, 0 deletions
diff --git a/fastbootd/other/sign/src/SignImg.java b/fastbootd/other/sign/src/SignImg.java
new file mode 100644
index 0000000..338d427
--- /dev/null
+++ b/fastbootd/other/sign/src/SignImg.java
@@ -0,0 +1,181 @@
+package signtool;
+
+import java.io.*;
+import java.util.Properties;
+import java.util.ArrayList;
+
+import javax.mail.internet.*;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.activation.MailcapCommandMap;
+import javax.activation.CommandMap;
+
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateEncodingException;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.cms.CMSProcessableByteArray;
+import org.bouncycastle.cms.CMSSignedGenerator;
+import org.bouncycastle.cms.CMSSignedDataGenerator;
+import org.bouncycastle.cms.CMSSignedGenerator;
+import org.bouncycastle.cms.CMSProcessable;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.CMSTypedData;
+import org.bouncycastle.cert.jcajce.JcaCertStore;
+import org.bouncycastle.util.Store;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.ASN1Object;
+
+
+public class SignImg {
+
+ /* It reads private key in pkcs#8 formate
+ * Conversion:
+ * openssl pkcs8 -topk8 -nocrypt -outform DER < inkey.pem > outkey.pk8
+ */
+ private static PrivateKey getPrivateKey(String path) throws IOException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException {
+ File file = new File(path);
+ FileInputStream fis = new FileInputStream(file);
+ byte[] data = new byte[(int)file.length()];
+ fis.read(data);
+ fis.close();
+
+ PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(data);
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ PrivateKey privateKey = kf.generatePrivate(kspec);
+
+ return privateKey;
+ }
+
+ private static MimeBodyPart getContent(String path) throws IOException, FileNotFoundException, MessagingException {
+ MimeBodyPart body = new MimeBodyPart();
+
+ File file = new File(path);
+ FileInputStream fis = new FileInputStream(file);
+ byte[] data = new byte[(int)file.length()];
+ fis.read(data);
+ fis.close();
+
+ body.setContent(data, "application/octet-stream");
+
+ return body;
+ }
+
+ private static CMSProcessableByteArray getCMSContent(String path) throws IOException, FileNotFoundException, MessagingException {
+ File file = new File(path);
+ FileInputStream fis = new FileInputStream(file);
+ byte[] data = new byte[(int)file.length()];
+ fis.read(data);
+ fis.close();
+ CMSProcessableByteArray cms = new CMSProcessableByteArray(data);
+
+ return cms;
+ }
+
+ private static X509Certificate readCert(String path) throws IOException, FileNotFoundException, CertificateException {
+ File file = new File(path);
+ FileInputStream is = new FileInputStream(file);
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Certificate cert = cf.generateCertificate(is);
+ is.close();
+
+ return (X509Certificate) cert;
+ }
+
+ private static void save(MimeBodyPart content, String path) throws IOException, FileNotFoundException, MessagingException {
+ File file = new File(path);
+ FileOutputStream os = new FileOutputStream(file);
+
+ content.writeTo(os);
+
+ os.close();
+ }
+
+ private static Store certToStore(X509Certificate certificate) throws CertificateEncodingException {
+ ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>();
+ certList.add(certificate);
+ return new JcaCertStore(certList);
+ }
+
+ public static void setDefaultMailcap()
+ {
+ MailcapCommandMap _mailcap =
+ (MailcapCommandMap)CommandMap.getDefaultCommandMap();
+
+ _mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
+ _mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
+ _mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
+ _mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
+ _mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");
+
+ CommandMap.setDefaultCommandMap(_mailcap);
+ }
+
+ public static void main(String[] args) {
+ try {
+ if (args.length < 4) {
+ System.out.println("Usage: signimg data private_key certificate output");
+ return;
+ }
+ System.out.println("Signing the image");
+ setDefaultMailcap();
+
+ Security.addProvider(new BouncyCastleProvider());
+
+ PrivateKey key = getPrivateKey(args[1]);
+ System.out.println("File read sucessfully");
+
+ CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
+
+ CMSTypedData body = getCMSContent(args[0]);
+ System.out.println("Content read sucessfully");
+
+ X509Certificate cert = (X509Certificate) readCert(args[2]);
+ System.out.println("Certificate read sucessfully");
+
+ ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);
+
+ Store certs = certToStore(cert);
+
+ generator.addCertificates(certs);
+ generator.addSignerInfoGenerator(
+ new JcaSignerInfoGeneratorBuilder(
+ new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
+ .build(sha256Signer, cert));
+
+ CMSSignedData signed = generator.generate(body, true);
+ System.out.println("Signed");
+
+ Properties props = System.getProperties();
+ Session session = Session.getDefaultInstance(props, null);
+
+ File file = new File(args[3]);
+ FileOutputStream os = new FileOutputStream(file);
+
+ ASN1InputStream asn1 = new ASN1InputStream(signed.getEncoded());
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(os);
+ dOut.writeObject(ASN1Object.fromByteArray(signed.getEncoded()));
+
+ }
+ catch (Exception ex) {
+ System.out.println("Exception during programm execution: " + ex.getMessage());
+ }
+ }
+}