1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.example.android.autofill.service.util; 17 18 import android.content.pm.PackageInfo; 19 import android.content.pm.PackageManager; 20 import android.content.pm.Signature; 21 22 import java.io.ByteArrayInputStream; 23 import java.io.IOException; 24 import java.io.InputStream; 25 import java.security.MessageDigest; 26 import java.security.NoSuchAlgorithmException; 27 import java.security.cert.CertificateException; 28 import java.security.cert.CertificateFactory; 29 import java.security.cert.X509Certificate; 30 31 /** 32 * Helper class for security checks. 33 */ 34 public final class SecurityHelper { 35 36 private SecurityHelper() { 37 throw new UnsupportedOperationException("Provides static methods only."); 38 } 39 40 /** 41 * Gets the fingerprint of the signed certificate of a package. 42 */ 43 public static String getFingerprint(PackageInfo packageInfo, String packageName) throws 44 PackageManager.NameNotFoundException, IOException, NoSuchAlgorithmException, 45 CertificateException { 46 Signature[] signatures = packageInfo.signatures; 47 if (signatures.length != 1) { 48 throw new SecurityException(packageName + " has " + signatures.length + " signatures"); 49 } 50 byte[] cert = signatures[0].toByteArray(); 51 try (InputStream input = new ByteArrayInputStream(cert)) { 52 CertificateFactory factory = CertificateFactory.getInstance("X509"); 53 X509Certificate x509 = (X509Certificate) factory.generateCertificate(input); 54 MessageDigest md = MessageDigest.getInstance("SHA256"); 55 byte[] publicKey = md.digest(x509.getEncoded()); 56 return toHexFormat(publicKey); 57 } 58 } 59 60 private static String toHexFormat(byte[] bytes) { 61 StringBuilder builder = new StringBuilder(bytes.length * 2); 62 for (int i = 0; i < bytes.length; i++) { 63 String hex = Integer.toHexString(bytes[i]); 64 int length = hex.length(); 65 if (length == 1) { 66 hex = "0" + hex; 67 } 68 if (length > 2) { 69 hex = hex.substring(length - 2, length); 70 } 71 builder.append(hex.toUpperCase()); 72 if (i < (bytes.length - 1)) { 73 builder.append(':'); 74 } 75 } 76 return builder.toString(); 77 } 78 } 79