Home | History | Annotate | Download | only in util 
      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 package com.example.android.autofill.service.util;
     17 
     18 import android.content.pm.PackageInfo;
     19 import android.content.pm.PackageManager;
     20 import android.content.pm.Signature;
     21 
     22 import java.io.ByteArrayInputStream;
     23 import java.io.IOException;
     24 import java.io.InputStream;
     25 import java.security.MessageDigest;
     26 import java.security.NoSuchAlgorithmException;
     27 import java.security.cert.CertificateException;
     28 import java.security.cert.CertificateFactory;
     29 import java.security.cert.X509Certificate;
     30 
     31 /**
     32  * Helper class for security checks.
     33  */
     34 public final class SecurityHelper {
     35 
     36     private SecurityHelper() {
     37         throw new UnsupportedOperationException("Provides static methods only.");
     38     }
     39 
     40     /**
     41      * Gets the fingerprint of the signed certificate of a package.
     42      */
     43     public static String getFingerprint(PackageInfo packageInfo, String packageName) throws
     44             PackageManager.NameNotFoundException, IOException, NoSuchAlgorithmException,
     45             CertificateException {
     46         Signature[] signatures = packageInfo.signatures;
     47         if (signatures.length != 1) {
     48             throw new SecurityException(packageName + " has " + signatures.length + " signatures");
     49         }
     50         byte[] cert = signatures[0].toByteArray();
     51         try (InputStream input = new ByteArrayInputStream(cert)) {
     52             CertificateFactory factory = CertificateFactory.getInstance("X509");
     53             X509Certificate x509 = (X509Certificate) factory.generateCertificate(input);
     54             MessageDigest md = MessageDigest.getInstance("SHA256");
     55             byte[] publicKey = md.digest(x509.getEncoded());
     56             return toHexFormat(publicKey);
     57         }
     58     }
     59 
     60     private static String toHexFormat(byte[] bytes) {
     61         StringBuilder builder = new StringBuilder(bytes.length * 2);
     62         for (int i = 0; i < bytes.length; i++) {
     63             String hex = Integer.toHexString(bytes[i]);
     64             int length = hex.length();
     65             if (length == 1) {
     66                 hex = "0" + hex;
     67             }
     68             if (length > 2) {
     69                 hex = hex.substring(length - 2, length);
     70             }
     71             builder.append(hex.toUpperCase());
     72             if (i < (bytes.length - 1)) {
     73                 builder.append(':');
     74             }
     75         }
     76         return builder.toString();
     77     }
     78 }
     79