ircclouding2

Untitled

Nov 14th, 2019
  1. package com.amazon.android.framework.task.command;
  2.  
  3. import android.app.Application;
  4. import android.content.pm.PackageInfo;
  5. import android.content.pm.PackageManager;
  6. import android.content.pm.Signature;
  7. import com.amazon.android.b.d;
  8. import com.amazon.android.b.g;
  9. import com.amazon.android.framework.exception.KiwiException;
  10. import com.amazon.android.framework.resource.Resource;
  11. import com.amazon.android.framework.util.KiwiLogger;
  12. import com.amazon.android.g.a;
  13. import com.amazon.android.l.c;
  14. import com.amazon.mas.kiwi.util.Base64;
  15. import java.io.ByteArrayInputStream;
  16. import java.security.cert.CertificateException;
  17. import java.security.cert.CertificateFactory;
  18. import java.security.cert.X509Certificate;
  19. import java.util.Iterator;
  20. import java.util.List;
  21.  
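  /**
   * Checks that an installed package is signed by an expected certificate (logger tag:
   * "CommandResultVerifier").
   *
   * <p>Two public checks exist: {@code a(String, String)} passes an auth token, a per-certificate
   * value and the data-authentication key to {@code com.amazon.android.l.a.a(...)}, while
   * {@code a(String, List)} compares the same per-certificate value with a list of expected strings.
   *
   * <p>Identifiers are obfuscated and kept as decompiled so the listing can be matched against
   * other dumps of the same library.
   */
  public final class f {
      private static final KiwiLogger a = new KiwiLogger("CommandResultVerifier");

      // Both fields are populated by the framework through @Resource; nothing in this class assigns them.
      @Resource
      private Application b;

      // com.amazon.android.l.c: its a() returns the PublicKey used for token verification.
      @Resource
      private c c;

      /**
       * Loads the package record, including its signing certificates.
       *
       * <p>The decompiler printed the flag as the literal 64, which is
       * {@link PackageManager#GET_SIGNATURES}. That flag is deprecated since API 28 in favour of
       * {@code GET_SIGNING_CERTIFICATES} / {@code PackageInfo.signingInfo}, which account for
       * signing-key rotation; a modern port should prefer them.
       *
       * @param str package name to look up
       * @return the package record with {@code signatures} populated
       * @throws g when the package is not installed
       */
      private PackageInfo a(String str) throws g {
          try {
              return this.b.getPackageManager().getPackageInfo(str, PackageManager.GET_SIGNATURES);
          } catch (PackageManager.NameNotFoundException e) {
              a.trace("getPackageInfo() caught exception" + e);
              throw new g();
          }
      }

      /**
       * Derives the string this class compares and verifies for one signing certificate.
       *
       * <p>The log messages call the result a "fingerprint", but no digest is computed: the value is
       * the Base64 encoding of {@link X509Certificate#getSignature()}, i.e. the signature bytes carried
       * inside the certificate.
       *
       * @param signature raw signing certificate as returned by the package manager
       * @return Base64 text of the certificate's signature field
       * @throws CertificateException when the bytes do not parse as an X.509 certificate
       */
      private static String a(Signature signature) throws CertificateException {
          CertificateFactory factory = CertificateFactory.getInstance("X509");
          X509Certificate certificate =
                  (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(signature.toByteArray()));
          return Base64.encodeBytes(certificate.getSignature());
      }

      /**
       * Asks {@code com.amazon.android.l.a.a(...)} whether the token matches this certificate.
       *
       * <p>NOTE(review): the helper is not on this page; presumably it checks that {@code str} is a
       * signature over the certificate value under the data-authentication key. Confirm against
       * {@code com.amazon.android.l.a}.
       *
       * @param str auth token supplied by the caller
       * @param signature signing certificate of the package being checked
       * @return the helper's verdict, or {@code false} when the certificate cannot be parsed
       * @throws a when the data-authentication key cannot be loaded or the helper fails
       */
      private boolean a(String str, Signature signature) throws a {
          try {
              return com.amazon.android.l.a.a(a(signature), str, this.c.a());
          } catch (CertificateException e) {
              if (KiwiLogger.ERROR_ON) {
                  a.error("Failed to extract fingerprint from signature: " + signature);
              }
              // Fail closed: an unparsable certificate never counts as a match.
              return false;
          }
      }

      /**
       * Compares one expected string with the value derived from a signing certificate.
       *
       * @param str expected value; {@code null} is treated as "no match" instead of raising
       *     a NullPointerException
       * @param signature signing certificate of the package being checked
       * @return {@code true} only on an exact string match
       */
      private static boolean b(String str, Signature signature) {
          if (str == null) {
              return false;
          }
          try {
              boolean matches = str.equals(a(signature));
              a.trace("Signature valid: " + matches);
              return matches;
          } catch (CertificateException e) {
              a.error("Failed to extract fingerprint from signature");
              return false;
          }
      }

      /**
       * Requires that the auth token verifies against at least one signing certificate of the package.
       *
       * @param str auth token
       * @param str2 package name whose signing certificates are checked
       * @throws KiwiException when the package is unknown, the key cannot be loaded, or no
       *     certificate verifies (a {@code d} is thrown in the last case)
       */
      public final void a(String str, String str2) throws KiwiException {
          if (KiwiLogger.TRACE_ON) {
              // The token value itself is deliberately kept out of the log: trace output may be
              // readable by other parties on the device, and the message identifies it as an auth token.
              a.trace("Verifying auth token");
          }
          for (Signature signature : a(str2).signatures) {
              if (a(str, signature)) {
                  return;
              }
          }
          throw new d();
      }

      /**
       * Reports whether any signing certificate of the package matches any expected value.
       *
       * @param str package name
       * @param list expected values; each element is cast to {@link String}
       * @return {@code true} on the first match; {@code false} when nothing matches or the package
       *     cannot be found
       */
      public final boolean a(String str, List<?> list) {
          a.trace("checkSignatures(" + str + ", " + list);
          try {
              for (Signature signature : a(str).signatures) {
                  for (Object expected : list) {
                      if (b((String) expected, signature)) {
                          return true;
                      }
                  }
              }
          } catch (g e) {
              a.error("isPackageSignatureValid: caught exception while checking", e);
          }
          return false;
      }
  }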
  99.  
  100.  
  101. ###########################################
  102.  
  103.  
  104. package com.amazon.android.l;
  105.  
  106. import com.amazon.android.framework.util.KiwiLogger;
  107. import java.security.GeneralSecurityException;
  108. import java.security.KeyStore;
  109. import java.security.MessageDigest;
  110. import java.security.NoSuchAlgorithmException;
  111. import java.security.cert.CertPath;
  112. import java.security.cert.CertPathValidator;
  113. import java.security.cert.CertificateEncodingException;
  114. import java.security.cert.PKIXParameters;
  115. import java.security.cert.TrustAnchor;
  116. import java.security.cert.X509Certificate;
  117. import java.util.Arrays;
  118. import java.util.Date;
  119. import java.util.HashSet;
  120. import java.util.Set;
  121. import javax.net.ssl.TrustManager;
  122. import javax.net.ssl.TrustManagerFactory;
  123. import javax.net.ssl.X509TrustManager;
  124.  
  /**
   * PKIX certificate-path validator whose trust anchors are the platform's accepted issuers
   * filtered through two hard-coded fingerprint tables (logger tag: "CertVerifier").
   *
   * <p>Review notes on the validation policy, all visible in the code below:
   * <ul>
   *   <li>Anchors are selected by comparing the SHA-1 digest of the encoded certificate with
   *       20-byte table entries. SHA-1 is no longer recommended for new designs; a port should
   *       pin on SHA-256.</li>
   *   <li>Revocation checking is switched off, so a revoked certificate still validates.</li>
   *   <li>The validation date is set to the leaf certificate's own {@code notBefore}, so the
   *       path is judged as of the moment the leaf became valid, and a leaf that has since expired
   *       is not rejected for that reason.</li>
   * </ul>
   */
  public final class b {
      private static final KiwiLogger a = new KiwiLogger("CertVerifier");

      // First fingerprint table: 13 entries of 20 bytes each.
      private static final byte[][] e = {
          new byte[]{-123, 55, 28, -90, -27, 80, 20, 61, -50, 40, 3, 71, 27, -34, 58, 9, -24, -8, 119, 15},
          new byte[]{-95, -37, 99, -109, -111, 111, 23, -28, 24, 85, 9, 64, 4, 21, -57, 2, 64, -80, -82, 107},
          new byte[]{78, -74, -43, 120, 73, -101, 28, -49, 95, 88, 30, -83, 86, -66, 61, -101, 103, 68, -91, -27},
          new byte[]{19, 45, 13, 69, 83, 75, 105, -105, -51, -78, -43, -61, 57, -30, 85, 118, 96, -101, 92, -58},
          new byte[]{34, -43, -40, -33, -113, 2, 49, -47, -115, -9, -99, -73, -49, -118, 45, 100, -55, 63, 108, 58},
          new byte[]{97, -17, 67, -41, Byte.MAX_VALUE, -54, -44, 97, 81, -68, -104, -32, -61, 89, 18, -81, -97, -21, 99, 17},
          new byte[]{-77, -22, -60, 71, 118, -55, -56, 28, -22, -14, -99, -107, -74, -52, -96, 8, 27, 103, -20, -99},
          new byte[]{-112, -82, -94, 105, -123, -1, 20, Byte.MIN_VALUE, 76, 67, 73, 82, -20, -23, 96, -124, 119, -81, 85, 111},
          new byte[]{32, 66, -123, -36, -9, -21, 118, 65, -107, 87, -114, 19, 107, -44, -73, -47, -23, -114, 70, -91},
          new byte[]{54, 121, -54, 53, 102, -121, 114, 48, 77, 48, -91, -5, -121, 59, 15, -89, 123, -73, 13, 84},
          new byte[]{-56, -20, -116, -121, -110, 105, -53, 75, -85, 57, -23, -115, 126, 87, 103, -13, 20, -107, 115, -99},
          new byte[]{81, Byte.MAX_VALUE, 97, 30, 41, -111, 107, 83, -126, -5, 114, -25, 68, -39, -115, -61, -52, 83, 109, 100},
          new byte[]{64, -77, 49, -96, -23, -65, -24, 85, -68, 57, -109, -54, 112, 79, 78, -62, 81, -44, 29, -113}
      };

      // Second fingerprint table: 5 entries of 20 bytes each. Why the values are split across two
      // tables is not visible on this page.
      private static final byte[][] f = {
          new byte[]{-111, -58, -42, -18, 62, -118, -56, 99, -124, -27, 72, -62, -103, 41, 92, 117, 108, -127, 123, -127},
          new byte[]{-32, -85, 5, -108, 32, 114, 84, -109, 5, 96, 98, 2, 54, 112, -9, -51, 46, -4, 102, 102},
          new byte[]{-97, -83, -111, -90, -50, 106, -58, -59, 0, 71, -60, 78, -55, -44, -91, 13, -110, -40, 73, 121},
          new byte[]{-86, -37, -68, 34, 35, -113, -60, 1, -95, 39, -69, 56, -35, -12, 29, -37, 8, -98, -16, 18},
          new byte[]{-15, -117, 83, -115, 27, -23, 3, -74, -90, -16, 86, 67, 91, 23, 21, -119, -54, -13, 107, -14}
      };

      private final PKIXParameters b;
      private final CertPathValidator c;
      private final Set<TrustAnchor> d = new HashSet<TrustAnchor>();

      /**
       * Builds the anchor set from the default trust managers and prepares the PKIX validator.
       *
       * <p>Only issuers whose SHA-1 digest appears in one of the tables become anchors. When none
       * qualifies, an error is logged and {@code new PKIXParameters(emptySet)} then fails with an
       * {@link java.security.InvalidAlgorithmParameterException}, so construction fails closed.
       *
       * @throws GeneralSecurityException when the trust managers, the parameters or the validator
       *     cannot be created
       */
      public b() throws GeneralSecurityException {
          TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
          // A null KeyStore selects the platform's default trust store.
          factory.init((KeyStore) null);

          for (TrustManager manager : factory.getTrustManagers()) {
              if (!(manager instanceof X509TrustManager)) {
                  continue;
              }
              X509Certificate[] issuers = ((X509TrustManager) manager).getAcceptedIssuers();
              if (issuers == null) {
                  continue;
              }
              int pinned = 0;
              for (X509Certificate issuer : issuers) {
                  if (!a(issuer)) {
                      continue;
                  }
                  if (KiwiLogger.TRACE_ON) {
                      a.trace("Trusted Cert: " + issuer.getSubjectX500Principal().getName());
                  }
                  this.d.add(new TrustAnchor(issuer, (byte[]) null));
                  pinned++;
              }
              if (KiwiLogger.TRACE_ON) {
                  a.trace(String.format("loaded %d certs\n", pinned));
              }
          }

          if (this.d.isEmpty()) {
              a.error("TrustManager did not return valid accepted issuers, likely 3P custom TrustManager implementation issue.");
          }

          this.b = new PKIXParameters(this.d);
          // Revocation (CRL/OCSP) is not consulted during validation.
          this.b.setRevocationEnabled(false);
          this.c = CertPathValidator.getInstance("PKIX");
      }

      /**
       * Tells whether a platform issuer is one of the pinned certificates.
       *
       * @param x509Certificate candidate issuer
       * @return {@code true} when the SHA-1 digest of its encoding is listed in either table;
       *     {@code false} otherwise, including when the digest cannot be computed
       */
      private static boolean a(X509Certificate x509Certificate) {
          byte[] sha1;
          try {
              sha1 = MessageDigest.getInstance("SHA1").digest(x509Certificate.getEncoded());
          } catch (NoSuchAlgorithmException missingAlgorithm) {
              a.error("Signature algorithm unrecognized", missingAlgorithm);
              return false;
          } catch (CertificateEncodingException badEncoding) {
              a.error("Cant get fingerprint", badEncoding);
              return false;
          }
          if (a(e, sha1)) {
              return true;
          }
          return a(f, sha1);
      }

      /**
       * Linear search of a fingerprint table.
       *
       * @param bArr table to search
       * @param bArr2 digest to look for
       * @return {@code true} when some row equals {@code bArr2} byte for byte
       */
      private static boolean a(byte[][] bArr, byte[] bArr2) {
          for (int row = 0; row < bArr.length; row++) {
              if (Arrays.equals(bArr[row], bArr2)) {
                  return true;
              }
          }
          return false;
      }

      /**
       * Validates a certificate path against the pinned anchors.
       *
       * <p>The validation date is taken from the first certificate's {@code notBefore} and written
       * into the shared {@link PKIXParameters}, so concurrent calls on one instance would race on
       * that field. Failures of any kind, including an empty path, yield {@code false}; the
       * failure is logged only when tracing is enabled.
       *
       * @param certPath path whose first certificate is the leaf
       * @return {@code true} when PKIX validation succeeds, {@code false} otherwise
       */
      public final boolean a(CertPath certPath) {
          try {
              X509Certificate leaf = (X509Certificate) certPath.getCertificates().get(0);
              Date validationDate = leaf.getNotBefore();
              a.trace("Verifying CertPath with " + validationDate);
              this.b.setDate(validationDate);
              this.c.validate(certPath, this.b);
          } catch (Exception failure) {
              if (KiwiLogger.TRACE_ON) {
                  a.error("Failed to verify cert path: " + failure, failure);
              }
              return false;
          }
          return true;
      }
  }
  201.  
  202.  
  203.  
  204.  
  205. ############################
  206.  
  207.  
  208.  
  209.  
  210. package com.amazon.android.l;
  211.  
  212. import android.app.Application;
  213. import com.amazon.android.framework.resource.Resource;
  214. import com.amazon.android.framework.util.KiwiLogger;
  215. import com.amazon.android.n.a;
  216. import java.io.IOException;
  217. import java.security.GeneralSecurityException;
  218. import java.security.cert.CertPath;
  219. import java.security.cert.CertificateFactory;
  220. import java.util.ArrayList;
  221. import java.util.Enumeration;
  222. import java.util.jar.JarEntry;
  223. import java.util.jar.JarFile;
  224.  
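  /**
   * Loads the public key used to authenticate data, either from a cache or from a certificate
   * chain stored inside the application's own APK (logger tag: "DataAuthenticationKeyLoader").
   *
   * <p>Identifiers are obfuscated and kept as decompiled. The public entry point {@code a()} could
   * not be decompiled; its register-level dump is preserved inside the method.
   */
  public final class c {
      private static final KiwiLogger a = new KiwiLogger("DataAuthenticationKeyLoader");

      // Both fields are populated by the framework through @Resource; nothing in this class assigns them.
      @Resource
      private Application b;

      // com.amazon.android.n.a: a key/value store; the dump's trace text calls it "KiwiDataStore".
      @Resource
      private a c;

      /**
       * Parses every certificate in a JAR entry and assembles them into a certificate path.
       *
       * <p>The entry stream is now closed once parsing finishes; the original left it open. A failure
       * while closing is ignored so that it cannot mask a successful parse.
       *
       * @param jarFile the opened APK
       * @param jarEntry entry holding the encoded certificates
       * @return the certificates as a {@link CertPath}, in the order they were parsed
       * @throws com.amazon.android.g.a wrapping any failure while reading or parsing
       */
      private static CertPath a(JarFile jarFile, JarEntry jarEntry) throws com.amazon.android.g.a {
          try {
              if (KiwiLogger.TRACE_ON) {
                  a.trace("Extracting cert from entry: " + jarEntry.getName());
              }
              CertificateFactory factory = CertificateFactory.getInstance("X.509");
              if (KiwiLogger.TRACE_ON) {
                  a.trace("Generating certificates from entry input stream");
              }
              java.io.InputStream in = jarFile.getInputStream(jarEntry);
              try {
                  return factory.generateCertPath(
                          new ArrayList<java.security.cert.Certificate>(factory.generateCertificates(in)));
              } finally {
                  if (in != null) {
                      try {
                          in.close();
                      } catch (IOException ignored) {
                          // Best effort: the certificates have already been read or the parse already failed.
                      }
                  }
              }
          } catch (Exception e) {
              throw com.amazon.android.g.a.a(e);
          }
      }

      /**
       * Finds the APK entry named exactly {@code "kiwi"}.
       *
       * @param jarFile the opened APK
       * @return the first non-directory entry with that name
       * @throws com.amazon.android.g.a with code {@code CERT_NOT_FOUND} when no such entry exists
       */
      private static JarEntry a(JarFile jarFile) throws com.amazon.android.g.a {
          if (KiwiLogger.TRACE_ON) {
              a.trace("Searching for cert in apk");
          }
          Enumeration<JarEntry> entries = jarFile.entries();
          while (entries.hasMoreElements()) {
              JarEntry nextElement = entries.nextElement();
              if (!nextElement.isDirectory() && nextElement.getName().equals("kiwi")) {
                  return nextElement;
              }
          }
          throw new com.amazon.android.g.a("CERT_NOT_FOUND", (Throwable) null);
      }

      /**
       * Opens the application's own APK as a JAR.
       *
       * <p>The second constructor argument is {@code verify}; passing {@code false} means signed-JAR
       * verification is not performed when entries are read. Trust in the "kiwi" entry therefore
       * rests on the certificate-path validation done afterwards, not on the APK signature.
       *
       * @return the opened APK; the caller owns it and is responsible for closing it
       * @throws com.amazon.android.g.a wrapping the {@link IOException} when the file cannot be opened
       */
      private JarFile b() throws com.amazon.android.g.a {
          String packageCodePath = this.b.getPackageCodePath();
          if (KiwiLogger.TRACE_ON) {
              a.trace("Opening apk: " + packageCodePath);
          }
          try {
              return new JarFile(packageCodePath, false);
          } catch (IOException e) {
              throw com.amazon.android.g.a.a(e);
          }
      }

      /**
       * Creates the pinned certificate-path validator.
       *
       * @return a fresh {@code b}
       * @throws com.amazon.android.g.a with code {@code FAILED_TO_ESTABLISH_TRUST} when the validator
       *     cannot be built
       */
      private static b c() throws com.amazon.android.g.a {
          try {
              return new b();
          } catch (GeneralSecurityException e) {
              throw new com.amazon.android.g.a("FAILED_TO_ESTABLISH_TRUST", e);
          }
      }

      /**
       * Returns the data-authentication public key.
       *
       * <p>JADX could not decompile this method, so the body only throws. As read from the
       * instruction dump kept below, the original appears to:
       * <ol>
       *   <li>return the value cached under {@code "DATA_AUTHENTICATION_KEY"} when one exists;</li>
       *   <li>otherwise open the APK, locate the "kiwi" entry and parse its certificate path;</li>
       *   <li>require the first certificate to be an X.509 certificate whose subject name
       *       <em>contains</em> {@code O=Amazon.com\, Inc.}, {@code C=US}, {@code ST=Washington} and
       *       {@code L=Seattle}, else throw {@code CERT_INVALID};</li>
       *   <li>validate the path with a new {@code b}, else throw {@code VERIFICATION_FAILED};</li>
       *   <li>cache and return the first certificate's public key.</li>
       * </ol>
       *
       * <p>NOTE(review), to be confirmed against the bytecode: the subject test is a substring match
       * on the whole distinguished-name string rather than a comparison of parsed attributes; a
       * cached key is returned without being validated again; and the dump shows no call that closes
       * the {@link JarFile}.
       *
       * @return the public key (never reached in this decompiled form)
       * @throws com.amazon.android.g.a per the dump, when the certificate is missing, rejected or
       *     fails validation
       */
      /* JADX WARNING: Removed duplicated region for block: B:36:0x00c0 */
      /* JADX WARNING: Removed duplicated region for block: B:40:0x00cc */
      /* Code decompiled incorrectly, please refer to instructions dump. */
      public final java.security.PublicKey a() throws com.amazon.android.g.a {
          /*
          r8 = this;
          r7 = 0
          r2 = 1
          r3 = 0
          boolean r0 = com.amazon.android.framework.util.KiwiLogger.TRACE_ON
          if (r0 == 0) goto L_0x000e
          com.amazon.android.framework.util.KiwiLogger r0 = a
          java.lang.String r1 = "Loading data authentication key..."
          r0.trace(r1)
          L_0x000e:
          boolean r0 = com.amazon.android.framework.util.KiwiLogger.TRACE_ON
          if (r0 == 0) goto L_0x0019
          com.amazon.android.framework.util.KiwiLogger r0 = a
          java.lang.String r1 = "Checking KiwiDataStore for key..."
          r0.trace(r1)
          L_0x0019:
          com.amazon.android.n.a r0 = r8.c
          java.lang.String r1 = "DATA_AUTHENTICATION_KEY"
          java.lang.Object r0 = r0.a(r1)
          java.security.PublicKey r0 = (java.security.PublicKey) r0
          boolean r1 = com.amazon.android.framework.util.KiwiLogger.TRACE_ON
          if (r1 == 0) goto L_0x0042
          com.amazon.android.framework.util.KiwiLogger r4 = a
          java.lang.StringBuilder r1 = new java.lang.StringBuilder
          r1.<init>()
          java.lang.String r5 = "Key was cached: "
          java.lang.StringBuilder r5 = r1.append(r5)
          if (r0 == 0) goto L_0x0045
          r1 = r2
          L_0x0037:
          java.lang.StringBuilder r1 = r5.append(r1)
          java.lang.String r1 = r1.toString()
          r4.trace(r1)
          L_0x0042:
          if (r0 == 0) goto L_0x0047
          L_0x0044:
          return r0
          L_0x0045:
          r1 = r3
          goto L_0x0037
          L_0x0047:
          boolean r0 = com.amazon.android.framework.util.KiwiLogger.TRACE_ON
          if (r0 == 0) goto L_0x0052
          com.amazon.android.framework.util.KiwiLogger r0 = a
          java.lang.String r1 = "Loading authentication key from apk..."
          r0.trace(r1)
          L_0x0052:
          java.util.jar.JarFile r0 = r8.b()
          java.util.jar.JarEntry r1 = a(r0)
          java.security.cert.CertPath r1 = a(r0, r1)
          if (r1 == 0) goto L_0x00ca
          java.util.List r0 = r1.getCertificates()
          int r0 = r0.size()
          if (r0 <= 0) goto L_0x00ca
          java.util.List r0 = r1.getCertificates()
          java.lang.Object r0 = r0.get(r3)
          java.security.cert.Certificate r0 = (java.security.cert.Certificate) r0
          boolean r4 = r0 instanceof java.security.cert.X509Certificate
          if (r4 == 0) goto L_0x00ca
          java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
          javax.security.auth.x500.X500Principal r0 = r0.getSubjectX500Principal()
          java.lang.String r0 = r0.getName()
          boolean r4 = com.amazon.android.framework.util.KiwiLogger.TRACE_ON
          if (r4 == 0) goto L_0x009e
          com.amazon.android.framework.util.KiwiLogger r4 = a
          java.lang.StringBuilder r5 = new java.lang.StringBuilder
          r5.<init>()
          java.lang.String r6 = "Kiwi Cert Details: "
          java.lang.StringBuilder r5 = r5.append(r6)
          java.lang.StringBuilder r5 = r5.append(r0)
          java.lang.String r5 = r5.toString()
          r4.trace(r5)
          L_0x009e:
          java.lang.String r4 = "O=Amazon.com\\, Inc."
          boolean r4 = r0.contains(r4)
          if (r4 == 0) goto L_0x00c8
          java.lang.String r4 = "C=US"
          boolean r4 = r0.contains(r4)
          if (r4 == 0) goto L_0x00c8
          java.lang.String r4 = "ST=Washington"
          boolean r4 = r0.contains(r4)
          if (r4 == 0) goto L_0x00c8
          java.lang.String r4 = "L=Seattle"
          boolean r0 = r0.contains(r4)
          if (r0 == 0) goto L_0x00c8
          L_0x00be:
          if (r2 != 0) goto L_0x00cc
          com.amazon.android.g.a r0 = new com.amazon.android.g.a
          java.lang.String r1 = "CERT_INVALID"
          r0.<init>(r1, r7)
          throw r0
          L_0x00c8:
          r2 = r3
          goto L_0x00be
          L_0x00ca:
          r2 = r3
          goto L_0x00be
          L_0x00cc:
          com.amazon.android.l.b r0 = c()
          boolean r0 = r0.a((java.security.cert.CertPath) r1)
          if (r0 != 0) goto L_0x00de
          com.amazon.android.g.a r0 = new com.amazon.android.g.a
          java.lang.String r1 = "VERIFICATION_FAILED"
          r0.<init>(r1, r7)
          throw r0
          L_0x00de:
          java.util.List r0 = r1.getCertificates()
          java.lang.Object r0 = r0.get(r3)
          java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
          java.security.PublicKey r0 = r0.getPublicKey()
          boolean r1 = com.amazon.android.framework.util.KiwiLogger.TRACE_ON
          if (r1 == 0) goto L_0x00f7
          com.amazon.android.framework.util.KiwiLogger r1 = a
          java.lang.String r2 = "Placing auth key into storage"
          r1.trace(r2)
          L_0x00f7:
          com.amazon.android.n.a r1 = r8.c
          java.lang.String r2 = "DATA_AUTHENTICATION_KEY"
          r1.a(r2, r0)
          goto L_0x0044
          */
          throw new UnsupportedOperationException("Method not decompiled: com.amazon.android.l.c.a():java.security.PublicKey");
      }
  }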