From c6cf01a1170c3a7a5b03135b01cf97f06e1b953d Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Wed, 12 Aug 2009 18:20:24 -0700 Subject: [PATCH] add whole-file signature mode to SignApk Make SignApk generate a signature for (nearly) the entire zip file when run with the -w option. The signature covers all of the zip file except for the archive comment (conveniently the last thing in a zip file); the archive comment field is used to contain the signature itself. --- tools/signapk/SignApk.java | 91 ++++++++++++++++++++++++++++++++++---- 1 file changed, 83 insertions(+), 8 deletions(-) diff --git a/tools/signapk/SignApk.java b/tools/signapk/SignApk.java index caf7935b3..73bb3fe61 100644 --- a/tools/signapk/SignApk.java +++ b/tools/signapk/SignApk.java @@ -247,7 +247,7 @@ class SignApk { } } - /** Write a .SF file with a digest the specified manifest. */ + /** Write a .SF file with a digest of the specified manifest. */ private static void writeSignatureFile(Manifest manifest, OutputStream out) throws IOException, GeneralSecurityException { Manifest sf = new Manifest(); @@ -304,6 +304,56 @@ class SignApk { pkcs7.encodeSignedData(out); } + private static void signWholeOutputFile(byte[] zipData, + OutputStream outputStream, + X509Certificate publicKey, + PrivateKey privateKey) + throws IOException, GeneralSecurityException { + + // For a zip with no archive comment, the + // end-of-central-directory record will be 22 bytes long, so + // we expect to find the EOCD marker 22 bytes from the end. + if (zipData[zipData.length-22] != 0x50 || + zipData[zipData.length-21] != 0x4b || + zipData[zipData.length-20] != 0x05 || + zipData[zipData.length-19] != 0x06) { + throw new IllegalArgumentException("zip data already has an archive comment"); + } + + Signature signature = Signature.getInstance("SHA1withRSA"); + signature.initSign(privateKey); + signature.update(zipData, 0, zipData.length-2); + + ByteArrayOutputStream temp = new ByteArrayOutputStream(); + + // put a readable message and a null char at the start of the + // archive comment, so that tools that display the comment + // (hopefully) show something sensible. + // TODO: anything more useful we can put in this message? + byte[] message = "signed by SignApk".getBytes("UTF-8"); + temp.write(message); + temp.write(0); + writeSignatureBlock(signature, publicKey, temp); + int total_size = temp.size() + 6; + if (total_size > 0xffff) { + throw new IllegalArgumentException("signature is too big for ZIP file comment"); + } + // signature starts this many bytes from the end of the file + int signature_start = total_size - message.length - 1; + temp.write(0xff); + temp.write(0xff); + temp.write(signature_start & 0xff); + temp.write((signature_start >> 8) & 0xff); + temp.write(total_size & 0xff); + temp.write((total_size >> 8) & 0xff); + temp.flush(); + + outputStream.write(zipData, 0, zipData.length-2); + outputStream.write(total_size & 0xff); + outputStream.write((total_size >> 8) & 0xff); + temp.writeTo(outputStream); + } + /** * Copy all the files in a manifest from input to output. We set * the modification times in the output to a fixed time, so as to @@ -340,25 +390,40 @@ class SignApk { } public static void main(String[] args) { - if (args.length != 4) { - System.err.println("Usage: signapk " + + if (args.length != 4 && args.length != 5) { + System.err.println("Usage: signapk [-w] " + "publickey.x509[.pem] privatekey.pk8 " + "input.jar output.jar"); System.exit(2); } + boolean signWholeFile = false; + int argstart = 0; + if (args[0].equals("-w")) { + signWholeFile = true; + argstart = 1; + } + JarFile inputJar = null; JarOutputStream outputJar = null; + FileOutputStream outputFile = null; try { - X509Certificate publicKey = readPublicKey(new File(args[0])); + X509Certificate publicKey = readPublicKey(new File(args[argstart+0])); // Assume the certificate is valid for at least an hour. long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000; - PrivateKey privateKey = readPrivateKey(new File(args[1])); - inputJar = new JarFile(new File(args[2]), false); // Don't verify. - outputJar = new JarOutputStream(new FileOutputStream(args[3])); + PrivateKey privateKey = readPrivateKey(new File(args[argstart+1])); + inputJar = new JarFile(new File(args[argstart+2]), false); // Don't verify. + + OutputStream outputStream = null; + if (signWholeFile) { + outputStream = new ByteArrayOutputStream(); + } else { + outputStream = outputFile = new FileOutputStream(args[argstart+3]); + } + outputJar = new JarOutputStream(outputStream); outputJar.setLevel(9); JarEntry je; @@ -387,13 +452,23 @@ class SignApk { // Everything else copyFiles(manifest, inputJar, outputJar, timestamp); + + outputJar.close(); + outputJar = null; + outputStream.flush(); + + if (signWholeFile) { + outputFile = new FileOutputStream(args[argstart+3]); + signWholeOutputFile(((ByteArrayOutputStream)outputStream).toByteArray(), + outputFile, publicKey, privateKey); + } } catch (Exception e) { e.printStackTrace(); System.exit(1); } finally { try { if (inputJar != null) inputJar.close(); - if (outputJar != null) outputJar.close(); + if (outputFile != null) outputFile.close(); } catch (IOException e) { e.printStackTrace(); System.exit(1);