xref: /aosp_15_r20/system/extras/verity/VeritySigner.java (revision 288bf5226967eb3dac5cce6c939ccc2a7f2b4fe5)
1*288bf522SAndroid Build Coastguard Worker /*
2*288bf522SAndroid Build Coastguard Worker  * Copyright (C) 2013 The Android Open Source Project
3*288bf522SAndroid Build Coastguard Worker  *
4*288bf522SAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*288bf522SAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*288bf522SAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*288bf522SAndroid Build Coastguard Worker  *
8*288bf522SAndroid Build Coastguard Worker  *      http://www.apache.org/licenses/LICENSE-2.0
9*288bf522SAndroid Build Coastguard Worker  *
10*288bf522SAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*288bf522SAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*288bf522SAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*288bf522SAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*288bf522SAndroid Build Coastguard Worker  * limitations under the License.
15*288bf522SAndroid Build Coastguard Worker  */
16*288bf522SAndroid Build Coastguard Worker 
17*288bf522SAndroid Build Coastguard Worker package com.android.verity;
18*288bf522SAndroid Build Coastguard Worker 
19*288bf522SAndroid Build Coastguard Worker import java.security.PublicKey;
20*288bf522SAndroid Build Coastguard Worker import java.security.PrivateKey;
21*288bf522SAndroid Build Coastguard Worker import java.security.Security;
22*288bf522SAndroid Build Coastguard Worker import java.security.cert.X509Certificate;
23*288bf522SAndroid Build Coastguard Worker import org.bouncycastle.jce.provider.BouncyCastleProvider;
24*288bf522SAndroid Build Coastguard Worker 
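/**
 * Command-line tool that either writes a signature for a file or checks an
 * existing signature file against the public key of an X.509 certificate.
 *
 * <p>Invocations:
 * <ul>
 *   <li>sign: {@code VeritySigner <contentfile> <key.pk8> <sigfile>}
 *   <li>verify: {@code VeritySigner <contentfile> <certificate.x509.pem> <sigfile> -verify}
 * </ul>
 *
 * <p>File I/O, key loading, signing and verification are delegated to
 * {@code Utils}; the algorithms used are decided there, not in this class.
 *
 * <p>Exit status in verify mode: 0 only when the signature checks out, 1 when it
 * does not or when the check itself throws. Callers should gate on the exit
 * status rather than on the printed text.
 */
public class VeritySigner {

    /** Fourth command-line argument that selects verification instead of signing. */
    private static final String VERIFY_FLAG = "-verify";

    /** Prints the command-line synopsis to stderr and terminates the JVM with status 1. */
    private static void usage() {
        System.err.println("usage: VeritySigner <contentfile> <key.pk8> " +
                "<sigfile> | <contentfile> <certificate.x509.pem> <sigfile> " +
                "-verify");
        System.exit(1);
    }

    /**
     * Parses the command line and runs the requested mode.
     *
     * @param args {@code <contentfile> <key.pk8> <sigfile>} to sign, or
     *             {@code <contentfile> <certificate.x509.pem> <sigfile> -verify} to verify
     * @throws Exception if reading an input, loading the key or certificate, signing,
     *                   or writing the signature fails
     */
    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            usage();
            return;
        }

        boolean verifyRequested = args.length > 3 && VERIFY_FLAG.equals(args[3]);
        if (args.length > 3 && !verifyRequested) {
            // A fourth argument that is not exactly "-verify" (for example a mistyped
            // flag) used to fall through to signing mode, which treats args[1] as a
            // private key and args[2] as an output path. Refuse it instead.
            usage();
            return;
        }

        // Register BouncyCastle before any key or signature operation in Utils runs.
        Security.addProvider(new BouncyCastleProvider());

        byte[] content = Utils.read(args[0]);

        if (verifyRequested) {
            System.exit(verifySignature(content, args[1], args[2]) ? 0 : 1);
        } else {
            writeSignature(content, args[1], args[2]);
        }
    }

    /**
     * Checks the signature stored in {@code sigPath} over {@code content}.
     *
     * <p>Only the public key is taken from the certificate. Nothing here inspects the
     * certificate's validity period or issuer, so unless
     * {@code Utils.loadPEMCertificate} does so (not visible from this file), the
     * result says "signed by this key", not "signed by a trusted party". The caller
     * is responsible for supplying a certificate file it already trusts.
     *
     * @return {@code true} only if {@code Utils.verify} accepted the signature
     * @throws Exception if the certificate or the signature file cannot be loaded
     */
    private static boolean verifySignature(byte[] content, String certPath, String sigPath)
            throws Exception {
        X509Certificate cert = Utils.loadPEMCertificate(certPath);
        PublicKey publicKey = cert.getPublicKey();

        byte[] signature = Utils.read(sigPath);

        try {
            if (Utils.verify(publicKey, content, signature,
                        Utils.getSignatureAlgorithmIdentifier(publicKey))) {
                System.err.println("Signature is VALID");
                return true;
            }
            System.err.println("Signature is INVALID");
        } catch (Exception e) {
            // Fail closed: an error while verifying is reported and treated the same
            // as an invalid signature, never as success.
            e.printStackTrace(System.err);
        }
        return false;
    }

    /**
     * Signs {@code content} with the DER-encoded private key at {@code keyPath} and
     * writes the signature bytes to {@code sigPath}.
     *
     * @throws Exception if the key cannot be read or parsed, or signing or writing fails
     */
    private static void writeSignature(byte[] content, String keyPath, String sigPath)
            throws Exception {
        PrivateKey privateKey = Utils.loadDERPrivateKey(Utils.read(keyPath));
        byte[] signature = Utils.sign(privateKey, content);
        Utils.write(signature, sigPath);
    }
}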