diff options
Diffstat (limited to 'fastbootd/other')
-rw-r--r-- | fastbootd/other/sign/src/SignImg.java | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/fastbootd/other/sign/src/SignImg.java b/fastbootd/other/sign/src/SignImg.java new file mode 100644 index 0000000..338d427 --- /dev/null +++ b/fastbootd/other/sign/src/SignImg.java @@ -0,0 +1,181 @@ +package signtool; + +import java.io.*; +import java.util.Properties; +import java.util.ArrayList; + +import javax.mail.internet.*; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.activation.MailcapCommandMap; +import javax.activation.CommandMap; + +import java.security.PrivateKey; +import java.security.Security; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.cert.X509Certificate; +import java.security.cert.CertificateFactory; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateEncodingException; + +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.cms.CMSProcessableByteArray; +import org.bouncycastle.cms.CMSSignedGenerator; +import org.bouncycastle.cms.CMSSignedDataGenerator; +import org.bouncycastle.cms.CMSSignedGenerator; +import org.bouncycastle.cms.CMSProcessable; +import org.bouncycastle.cms.CMSSignedData; +import org.bouncycastle.cms.CMSTypedData; +import org.bouncycastle.cert.jcajce.JcaCertStore; +import org.bouncycastle.util.Store; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.DEROutputStream; +import org.bouncycastle.asn1.ASN1Object; + + +public class SignImg { + + /* It reads private key in pkcs#8 formate + * Conversion: + * openssl pkcs8 -topk8 -nocrypt -outform DER < inkey.pem > outkey.pk8 + */ + private static PrivateKey getPrivateKey(String path) throws IOException, FileNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException { + File file = new File(path); + FileInputStream fis = new FileInputStream(file); + byte[] data = new byte[(int)file.length()]; + fis.read(data); + fis.close(); + + PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(data); + KeyFactory kf = KeyFactory.getInstance("RSA"); + PrivateKey privateKey = kf.generatePrivate(kspec); + + return privateKey; + } + + private static MimeBodyPart getContent(String path) throws IOException, FileNotFoundException, MessagingException { + MimeBodyPart body = new MimeBodyPart(); + + File file = new File(path); + FileInputStream fis = new FileInputStream(file); + byte[] data = new byte[(int)file.length()]; + fis.read(data); + fis.close(); + + body.setContent(data, "application/octet-stream"); + + return body; + } + + private static CMSProcessableByteArray getCMSContent(String path) throws IOException, FileNotFoundException, MessagingException { + File file = new File(path); + FileInputStream fis = new FileInputStream(file); + byte[] data = new byte[(int)file.length()]; + fis.read(data); + fis.close(); + CMSProcessableByteArray cms = new CMSProcessableByteArray(data); + + return cms; + } + + private static X509Certificate readCert(String path) throws IOException, FileNotFoundException, CertificateException { + File file = new File(path); + FileInputStream is = new FileInputStream(file); + + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + Certificate cert = cf.generateCertificate(is); + is.close(); + + return (X509Certificate) cert; + } + + private static void save(MimeBodyPart content, String path) throws IOException, FileNotFoundException, MessagingException { + File file = new File(path); + FileOutputStream os = new FileOutputStream(file); + + content.writeTo(os); + + os.close(); + } + + private static Store certToStore(X509Certificate certificate) throws CertificateEncodingException { + ArrayList<X509Certificate> certList = new ArrayList<X509Certificate>(); + certList.add(certificate); + return new JcaCertStore(certList); + } + + public static void setDefaultMailcap() + { + MailcapCommandMap _mailcap = + (MailcapCommandMap)CommandMap.getDefaultCommandMap(); + + _mailcap.addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature"); + _mailcap.addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime"); + _mailcap.addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature"); + _mailcap.addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime"); + _mailcap.addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed"); + + CommandMap.setDefaultCommandMap(_mailcap); + } + + public static void main(String[] args) { + try { + if (args.length < 4) { + System.out.println("Usage: signimg data private_key certificate output"); + return; + } + System.out.println("Signing the image"); + setDefaultMailcap(); + + Security.addProvider(new BouncyCastleProvider()); + + PrivateKey key = getPrivateKey(args[1]); + System.out.println("File read sucessfully"); + + CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); + + CMSTypedData body = getCMSContent(args[0]); + System.out.println("Content read sucessfully"); + + X509Certificate cert = (X509Certificate) readCert(args[2]); + System.out.println("Certificate read sucessfully"); + + ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key); + + Store certs = certToStore(cert); + + generator.addCertificates(certs); + generator.addSignerInfoGenerator( + new JcaSignerInfoGeneratorBuilder( + new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()) + .build(sha256Signer, cert)); + + CMSSignedData signed = generator.generate(body, true); + System.out.println("Signed"); + + Properties props = System.getProperties(); + Session session = Session.getDefaultInstance(props, null); + + File file = new File(args[3]); + FileOutputStream os = new FileOutputStream(file); + + ASN1InputStream asn1 = new ASN1InputStream(signed.getEncoded()); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(os); + dOut.writeObject(ASN1Object.fromByteArray(signed.getEncoded())); + + } + catch (Exception ex) { + System.out.println("Exception during programm execution: " + ex.getMessage()); + } + } +} |