authorSami Tolvanen <samitolvanen@google.com>2015-09-17 10:38:20 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-09-17 10:38:20 +0000
commit7f6d74497435cb71a676e8fccf17edec864d16bc (patch)
tree0a4cf9441e80ba5f29d359376a1bd66c4e0df85c /verity
parentc43a3c59c45cef7711d073f022cae6400a0043a9 (diff)
parent510ade28faa0a940965dc2d379c42fa45cdea395 (diff)
downloadextras-7f6d74497435cb71a676e8fccf17edec864d16bc.tar.gz
am 510ade28: Merge "boot_signer: allow verification using an external certificate"
* commit '510ade28faa0a940965dc2d379c42fa45cdea395': boot_signer: allow verification using an external certificate
Diffstat (limited to 'verity')
-rw-r--r--verity/BootSignature.java17
1 files changed, 15 insertions, 2 deletions
diff --git a/verity/BootSignature.java b/verity/BootSignature.java
index 03eb32a7..3cf94990 100644
--- a/verity/BootSignature.java
+++ b/verity/BootSignature.java
@@ -149,6 +149,7 @@ public class BootSignature extends ASN1Object
throws Exception, IOException, CertificateEncodingException {
ASN1InputStream s = new ASN1InputStream(cert.getEncoded());
certificate = s.readObject();
+ publicKey = cert.getPublicKey();
}
public byte[] generateSignableImage(byte[] image) throws IOException {
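Review bot: `setCertificate` now also replaces `publicKey`, a side effect the method name does not suggest and nothing in the hunk documents. It is security-relevant if, as the rest of this change implies, `verify()` checks against that field, because calling the setter then changes which key a signature is trusted under. A Javadoc on the method should say so, for example `/** Replaces the stored certificate and the public key used by subsequent verify() calls. */`. The method's signature line is above the hunk, so its existing documentation is not visible here.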
@@ -253,7 +254,7 @@ public class BootSignature extends ASN1Object
Utils.write(image_with_metadata, outPath);
}
- public static void verifySignature(String imagePath) throws Exception {
+ public static void verifySignature(String imagePath, String certPath) throws Exception {
byte[] image = Utils.read(imagePath);
int signableSize = getSignableImageSize(image);
@@ -264,6 +265,11 @@ public class BootSignature extends ASN1Object
byte[] signature = Arrays.copyOfRange(image, signableSize, image.length);
BootSignature bootsig = new BootSignature(signature);
+ if (!certPath.isEmpty()) {
+ System.err.println("NOTE: verifying using public key from " + certPath);
+ bootsig.setCertificate(Utils.loadPEMCertificate(certPath));
+ }
+
try {
if (bootsig.verify(Arrays.copyOf(image, signableSize))) {
System.err.println("Signature is VALID");
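Review bot: The output does not tell the two trust modes apart when `certPath` is empty: the `NOTE:` line appears only for an external certificate, and otherwise `bootsig.verify(...)` runs with whatever key the `BootSignature(signature)` constructor set up, presumably the certificate carried in the image's own signature block. "Signature is VALID" then shows only that the image is self-consistent, not that it was signed by a key the operator trusts. An `else` branch such as `System.err.println("NOTE: verifying using the certificate embedded in the signature");` would make that visible in logs. Since `verifySignature` is public, `certPath != null && !certPath.isEmpty()` would also avoid a NullPointerException from other callers. The method body starts and ends outside this hunk.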
@@ -291,8 +297,15 @@ public class BootSignature extends ASN1Object
Security.addProvider(new BouncyCastleProvider());
if ("-verify".equals(args[0])) {
+ String certPath = "";
+
+ if (args.length >= 4 && "-certificate".equals(args[2])) {
+ /* args[3] is the path to a public key certificate */
+ certPath = args[3];
+ }
+
/* args[1] is the path to a signed boot image */
- verifySignature(args[1]);
+ verifySignature(args[1], certPath);
} else {
/* args[0] is the target name, typically /boot
args[1] is the path to a boot image to sign
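Review bot: A malformed option silently falls back to the default check in the `-verify` branch. `certPath` stays empty when the third argument is misspelled or `-certificate` is given without a path (`args.length == 3`), so the image is verified without the certificate the operator meant to pin and can still report a valid signature. Extra arguments that do not match `-certificate <path>` exactly should be rejected rather than ignored. `main` starts and ends outside this hunk, so whether it already has a usage or error path to reuse is not visible here.

```java
if ("-verify".equals(args[0])) {
    String certPath = "";

    if (args.length > 2) {
        if (args.length != 4 || !"-certificate".equals(args[2])) {
            throw new IllegalArgumentException(
                    "expected: -verify <image> [-certificate <cert>]");
        }
        /* args[3] is the path to a public key certificate */
        certPath = args[3];
    }

    // … unchanged: verifySignature(args[1], certPath) call …
```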