- package com.amazon.android.framework.task.command;
- import android.app.Application;
- import android.content.pm.PackageInfo;
- import android.content.pm.PackageManager;
- import android.content.pm.Signature;
- import com.amazon.android.b.d;
- import com.amazon.android.b.g;
- import com.amazon.android.framework.exception.KiwiException;
- import com.amazon.android.framework.resource.Resource;
- import com.amazon.android.framework.util.KiwiLogger;
- import com.amazon.android.g.a;
- import com.amazon.android.l.c;
- import com.amazon.mas.kiwi.util.Base64;
- import java.io.ByteArrayInputStream;
- import java.security.cert.CertificateException;
- import java.security.cert.CertificateFactory;
- import java.security.cert.X509Certificate;
- import java.util.Iterator;
- import java.util.List;
- public final class f {
- private static final KiwiLogger a = new KiwiLogger("CommandResultVerifier");
- @Resource
- private Application b;
- @Resource
- private c c;
/**
 * Queries the PackageManager for the package named {@code str}, asking for its
 * signing certificates to be included in the result.
 *
 * @param str name of the package to look up
 * @return the PackageInfo handed back by the PackageManager
 * @throws g if the PackageManager reports that the package does not exist
 */
private PackageInfo a(String str) throws g {
    final PackageManager packageManager = this.b.getPackageManager();
    try {
        // The decompiler printed this flag as the literal 64 (0x40), which is
        // PackageManager.GET_SIGNATURES. That flag is deprecated from API 28 in favour of
        // GET_SIGNING_CERTIFICATES; callers relying on it for an integrity decision
        // should be reviewed with that in mind.
        return packageManager.getPackageInfo(str, PackageManager.GET_SIGNATURES);
    } catch (PackageManager.NameNotFoundException notFound) {
        a.trace("getPackageInfo() caught exception" + notFound);
        // NOTE(review): the original cause is not attached to g; g's constructors are not
        // visible in this listing, so the no-arg form is kept.
        throw new g();
    }
}
/**
 * Parses the raw bytes of an Android {@link Signature} as an X.509 certificate and returns
 * the Base64 encoding of that certificate's signature value.
 *
 * <p>Other methods in this class log the result as a "fingerprint", but it is the value of
 * {@link X509Certificate#getSignature()}, not a digest computed over the whole certificate.
 *
 * @param signature package signature whose bytes are parsed as a certificate
 * @return Base64 text of the certificate's signature field
 * @throws CertificateException if the bytes cannot be parsed as an X.509 certificate
 */
private static String a(Signature signature) throws CertificateException {
    final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    final ByteArrayInputStream encodedCert = new ByteArrayInputStream(signature.toByteArray());
    final X509Certificate certificate = (X509Certificate) x509Factory.generateCertificate(encodedCert);
    return Base64.encodeBytes(certificate.getSignature());
}
/**
 * Checks the token {@code str} against one package signature, using the data
 * authentication key supplied by the injected key loader.
 *
 * <p>The actual check is delegated to {@code com.amazon.android.l.a.a(...)}, which is not
 * part of this listing; presumably it verifies the token over the encoded certificate
 * signature with the public key. Confirm against that class.
 *
 * @param str       token to verify
 * @param signature package signature the token is expected to cover
 * @return the delegate's verdict, or {@code false} when the signature bytes cannot be
 *         parsed as a certificate (fails closed)
 * @throws a if loading the key or the delegated check raises it
 */
private boolean a(String str, Signature signature) throws a {
    try {
        final String encodedCertSignature = a(signature);
        final java.security.PublicKey authenticationKey = this.c.a();
        return com.amazon.android.l.a.a(encodedCertSignature, str, authenticationKey);
    } catch (CertificateException parseFailure) {
        if (KiwiLogger.ERROR_ON) {
            a.error("Failed to extract fingerprint from signature: " + signature);
        }
        return false;
    }
}
/**
 * Compares an expected Base64 value with the one derived from {@code signature}.
 *
 * @param str       expected Base64 text, in the form produced by {@code a(Signature)}
 * @param signature package signature to compare against
 * @return {@code true} only on an exact string match; {@code false} when the signature
 *         bytes cannot be parsed as a certificate (fails closed)
 */
private static boolean b(String str, Signature signature) {
    try {
        final boolean matches = str.equals(a(signature));
        a.trace("Signature valid: " + matches);
        return matches;
    } catch (CertificateException parseFailure) {
        a.error("Failed to extract fingerprint from signature");
        // Nothing was compared, so report a mismatch.
        return false;
    }
}
/**
 * Verifies the token {@code str} against the signatures of the installed package
 * {@code str2}. Returns normally as soon as one signature verifies.
 *
 * @param str  token to verify
 * @param str2 name of the package whose signatures are checked
 * @throws KiwiException {@code d} when no signature verifies (including a package with an
 *                       empty signature array), or whatever the package lookup and the
 *                       per-signature check raise
 */
public final void a(String str, String str2) throws KiwiException {
    if (KiwiLogger.TRACE_ON) {
        // NOTE(review): this writes the full token to the log whenever trace logging is
        // enabled. Trace logging should stay off in production builds, or the token
        // should be redacted before it is logged.
        a.trace("Verifying auth token: " + str);
    }
    for (Signature candidate : a(str2).signatures) {
        if (a(str, candidate)) {
            return;
        }
    }
    // Every signature was tried and none verified.
    throw new d();
}
/**
 * Reports whether any signature of the installed package {@code str} matches any of the
 * expected Base64 values in {@code list}.
 *
 * @param str  name of the package to inspect
 * @param list expected values; each element is cast to {@code String}
 * @return {@code true} on the first match; {@code false} when nothing matches or the
 *         package lookup throws {@code g}
 */
public final boolean a(String str, List list) {
    a.trace("checkSignatures(" + str + ", " + list);
    try {
        final Signature[] installed = a(str).signatures;
        for (int index = 0; index < installed.length; index++) {
            for (Object expected : list) {
                if (b((String) expected, installed[index])) {
                    return true;
                }
            }
        }
    } catch (g lookupFailure) {
        // A failed lookup is treated the same as "no match".
        a.error("isPackageSignatureValid: caught exception while checking", lookupFailure);
    }
    return false;
}
- }
- ###########################################
- package com.amazon.android.l;
- import com.amazon.android.framework.util.KiwiLogger;
- import java.security.GeneralSecurityException;
- import java.security.KeyStore;
- import java.security.MessageDigest;
- import java.security.NoSuchAlgorithmException;
- import java.security.cert.CertPath;
- import java.security.cert.CertPathValidator;
- import java.security.cert.CertificateEncodingException;
- import java.security.cert.PKIXParameters;
- import java.security.cert.TrustAnchor;
- import java.security.cert.X509Certificate;
- import java.util.Arrays;
- import java.util.Date;
- import java.util.HashSet;
- import java.util.Set;
- import javax.net.ssl.TrustManager;
- import javax.net.ssl.TrustManagerFactory;
- import javax.net.ssl.X509TrustManager;
- public final class b {
- private static final KiwiLogger a = new KiwiLogger("CertVerifier");
- private static final byte[][] e = {new byte[]{-123, 55, 28, -90, -27, 80, 20, 61, -50, 40, 3, 71, 27, -34, 58, 9, -24, -8, 119, 15}, new byte[]{-95, -37, 99, -109, -111, 111, 23, -28, 24, 85, 9, 64, 4, 21, -57, 2, 64, -80, -82, 107}, new byte[]{78, -74, -43, 120, 73, -101, 28, -49, 95, 88, 30, -83, 86, -66, 61, -101, 103, 68, -91, -27}, new byte[]{19, 45, 13, 69, 83, 75, 105, -105, -51, -78, -43, -61, 57, -30, 85, 118, 96, -101, 92, -58}, new byte[]{34, -43, -40, -33, -113, 2, 49, -47, -115, -9, -99, -73, -49, -118, 45, 100, -55, 63, 108, 58}, new byte[]{97, -17, 67, -41, Byte.MAX_VALUE, -54, -44, 97, 81, -68, -104, -32, -61, 89, 18, -81, -97, -21, 99, 17}, new byte[]{-77, -22, -60, 71, 118, -55, -56, 28, -22, -14, -99, -107, -74, -52, -96, 8, 27, 103, -20, -99}, new byte[]{-112, -82, -94, 105, -123, -1, 20, Byte.MIN_VALUE, 76, 67, 73, 82, -20, -23, 96, -124, 119, -81, 85, 111}, new byte[]{32, 66, -123, -36, -9, -21, 118, 65, -107, 87, -114, 19, 107, -44, -73, -47, -23, -114, 70, -91}, new byte[]{54, 121, -54, 53, 102, -121, 114, 48, 77, 48, -91, -5, -121, 59, 15, -89, 123, -73, 13, 84}, new byte[]{-56, -20, -116, -121, -110, 105, -53, 75, -85, 57, -23, -115, 126, 87, 103, -13, 20, -107, 115, -99}, new byte[]{81, Byte.MAX_VALUE, 97, 30, 41, -111, 107, 83, -126, -5, 114, -25, 68, -39, -115, -61, -52, 83, 109, 100}, new byte[]{64, -77, 49, -96, -23, -65, -24, 85, -68, 57, -109, -54, 112, 79, 78, -62, 81, -44, 29, -113}};
- private static final byte[][] f = {new byte[]{-111, -58, -42, -18, 62, -118, -56, 99, -124, -27, 72, -62, -103, 41, 92, 117, 108, -127, 123, -127}, new byte[]{-32, -85, 5, -108, 32, 114, 84, -109, 5, 96, 98, 2, 54, 112, -9, -51, 46, -4, 102, 102}, new byte[]{-97, -83, -111, -90, -50, 106, -58, -59, 0, 71, -60, 78, -55, -44, -91, 13, -110, -40, 73, 121}, new byte[]{-86, -37, -68, 34, 35, -113, -60, 1, -95, 39, -69, 56, -35, -12, 29, -37, 8, -98, -16, 18}, new byte[]{-15, -117, 83, -115, 27, -23, 3, -74, -90, -16, 86, 67, 91, 23, 21, -119, -54, -13, 107, -14}};
- private final PKIXParameters b;
- private final CertPathValidator c;
- private final Set d = new HashSet();
/**
 * Builds the PKIX validation state from the platform's default trust store, keeping only
 * those accepted issuers whose SHA-1 fingerprint appears in one of the two pinned tables
 * ({@code e} and {@code f}).
 *
 * <p>Security-relevant properties visible here:
 * <ul>
 *   <li>Revocation checking is switched off, so a revoked certificate in the chain is not
 *       detected by this validator.</li>
 *   <li>If no accepted issuer matches a pin, the anchor set is empty. An error is logged,
 *       and {@code PKIXParameters} is documented to reject an empty anchor set with an
 *       {@code InvalidAlgorithmParameterException}, so construction fails rather than
 *       trusting nothing silently.</li>
 * </ul>
 *
 * @throws GeneralSecurityException if the trust manager factory, the PKIX parameters or
 *                                  the validator cannot be created
 */
public b() throws GeneralSecurityException {
    final TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // A null KeyStore makes the factory fall back to the platform default trust store.
    factory.init((KeyStore) null);

    for (TrustManager manager : factory.getTrustManagers()) {
        if (!(manager instanceof X509TrustManager)) {
            continue;
        }
        final X509Certificate[] issuers = ((X509TrustManager) manager).getAcceptedIssuers();
        if (issuers == null) {
            continue;
        }
        int pinnedCount = 0;
        for (int index = 0; index < issuers.length; index++) {
            final X509Certificate issuer = issuers[index];
            if (!a(issuer)) {
                continue;
            }
            if (KiwiLogger.TRACE_ON) {
                a.trace("Trusted Cert: " + issuer.getSubjectX500Principal().getName());
            }
            this.d.add(new TrustAnchor(issuer, (byte[]) null));
            pinnedCount++;
        }
        if (KiwiLogger.TRACE_ON) {
            a.trace(String.format("loaded %d certs\n", pinnedCount));
        }
    }

    if (this.d.isEmpty()) {
        a.error("TrustManager did not return valid accepted issuers, likely 3P custom TrustManager implementation issue.");
    }

    final PKIXParameters parameters = new PKIXParameters(this.d);
    parameters.setRevocationEnabled(false);
    this.b = parameters;
    this.c = CertPathValidator.getInstance("PKIX");
}
/**
 * Tells whether a certificate is one of the pinned issuers, by hashing its encoded form
 * with SHA-1 and looking the digest up in the tables {@code e} and {@code f}.
 *
 * <p>NOTE(review): the pins are SHA-1 digests. Here they only filter certificates the
 * platform trust store already accepts, but a SHA-256 pin set would be the current choice.
 *
 * @param x509Certificate certificate to test
 * @return {@code true} if the digest is in either table; {@code false} if not, or if the
 *         digest or the encoding cannot be obtained (fails closed)
 */
private static boolean a(X509Certificate x509Certificate) {
    try {
        final MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        final byte[] fingerprint = sha1.digest(x509Certificate.getEncoded());
        if (a(e, fingerprint)) {
            return true;
        }
        return a(f, fingerprint);
    } catch (NoSuchAlgorithmException missingDigest) {
        a.error("Signature algorithm unrecognized", missingDigest);
        return false;
    } catch (CertificateEncodingException badEncoding) {
        a.error("Cant get fingerprint", badEncoding);
        return false;
    }
}
/**
 * Linear search of a fingerprint table.
 *
 * @param bArr  table of fingerprints
 * @param bArr2 fingerprint to look for
 * @return {@code true} if some row of {@code bArr} has exactly the same bytes as
 *         {@code bArr2}
 */
private static boolean a(byte[][] bArr, byte[] bArr2) {
    boolean found = false;
    for (int row = 0; row < bArr.length && !found; row++) {
        found = Arrays.equals(bArr[row], bArr2);
    }
    return found;
}
/**
 * Validates a certificate path against the pinned trust anchors.
 *
 * <p>The validation date is set to the first certificate's own {@code notBefore}, not to
 * the current time. The path is therefore judged as of the moment that certificate became
 * valid, and a certificate that has since expired still passes. Together with revocation
 * being disabled in the constructor, neither expiry nor revocation is enforced here.
 *
 * <p>NOTE(review): this mutates the shared {@code PKIXParameters} field on every call; no
 * synchronisation is visible in this class.
 *
 * @param certPath path to validate; its first certificate is cast to X509Certificate
 * @return {@code true} if validation completes; {@code false} on any exception, including
 *         an empty path or a non-X.509 first certificate (fails closed)
 */
public final boolean a(CertPath certPath) {
    try {
        final X509Certificate leaf = (X509Certificate) certPath.getCertificates().get(0);
        final Date validationDate = leaf.getNotBefore();
        a.trace("Verifying CertPath with " + validationDate);
        this.b.setDate(validationDate);
        this.c.validate(certPath, this.b);
    } catch (Exception failure) {
        // The failure is reported only when trace logging is on, although it goes through
        // the error channel.
        if (KiwiLogger.TRACE_ON) {
            a.error("Failed to verify cert path: " + failure, failure);
        }
        return false;
    }
    return true;
}
- }
- ############################
- package com.amazon.android.l;
- import android.app.Application;
- import com.amazon.android.framework.resource.Resource;
- import com.amazon.android.framework.util.KiwiLogger;
- import com.amazon.android.n.a;
- import java.io.IOException;
- import java.security.GeneralSecurityException;
- import java.security.cert.CertPath;
- import java.security.cert.CertificateFactory;
- import java.util.ArrayList;
- import java.util.Enumeration;
- import java.util.jar.JarEntry;
- import java.util.jar.JarFile;
- public final class c {
- private static final KiwiLogger a = new KiwiLogger("DataAuthenticationKeyLoader");
- @Resource
- private Application b;
- @Resource
- private a c;
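/**
 * Reads every X.509 certificate stored in {@code jarEntry} and wraps them, in stream
 * order, in a {@link CertPath}.
 *
 * <p>The entry's input stream is now closed once the certificates have been read; the
 * decompiled original never closed it.
 *
 * @param jarFile  archive that contains the entry
 * @param jarEntry entry holding the encoded certificates
 * @return certificate path built from the entry's contents
 * @throws com.amazon.android.g.a wrapping any exception raised while reading or parsing
 */
private static CertPath a(JarFile jarFile, JarEntry jarEntry) throws com.amazon.android.g.a {
    java.io.InputStream entryStream = null;
    try {
        if (KiwiLogger.TRACE_ON) {
            a.trace("Extracting cert from entry: " + jarEntry.getName());
        }
        CertificateFactory instance = CertificateFactory.getInstance("X.509");
        if (KiwiLogger.TRACE_ON) {
            a.trace("Generating certificates from entry input stream");
        }
        entryStream = jarFile.getInputStream(jarEntry);
        return instance.generateCertPath(new ArrayList(instance.generateCertificates(entryStream)));
    } catch (Exception e) {
        throw com.amazon.android.g.a.a(e);
    } finally {
        if (entryStream != null) {
            try {
                entryStream.close();
            } catch (IOException ignored) {
                // The certificates are already parsed (or parsing already failed);
                // a close failure must not mask that outcome.
            }
        }
    }
}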
/**
 * Scans the archive for a non-directory entry whose name is exactly {@code "kiwi"}.
 *
 * @param jarFile archive to scan (the application's own APK, per the trace message)
 * @return the first matching entry in enumeration order
 * @throws com.amazon.android.g.a with message {@code CERT_NOT_FOUND} when no entry matches
 */
private static JarEntry a(JarFile jarFile) throws com.amazon.android.g.a {
    if (KiwiLogger.TRACE_ON) {
        a.trace("Searching for cert in apk");
    }
    for (Enumeration<JarEntry> remaining = jarFile.entries(); remaining.hasMoreElements(); ) {
        final JarEntry candidate = remaining.nextElement();
        if (candidate.isDirectory()) {
            continue;
        }
        if (candidate.getName().equals("kiwi")) {
            return candidate;
        }
    }
    throw new com.amazon.android.g.a("CERT_NOT_FOUND", (Throwable) null);
}
/**
 * Opens the application's own package file as a {@link JarFile}.
 *
 * <p>The second constructor argument is {@code verify = false}, so JAR signature
 * verification is not performed on the entries read from this archive. The certificate
 * taken from it is checked separately, by PKIX validation against the pinned anchors.
 *
 * @return the opened archive; no method in this listing closes it
 * @throws com.amazon.android.g.a wrapping the IOException if the file cannot be opened
 */
private JarFile b() throws com.amazon.android.g.a {
    final String apkPath = this.b.getPackageCodePath();
    if (KiwiLogger.TRACE_ON) {
        a.trace("Opening apk: " + apkPath);
    }
    final JarFile apk;
    try {
        apk = new JarFile(apkPath, false);
    } catch (IOException openFailure) {
        throw com.amazon.android.g.a.a(openFailure);
    }
    return apk;
}
/**
 * Creates the certificate verifier ({@code b}, logged as "CertVerifier").
 *
 * @return a new verifier
 * @throws com.amazon.android.g.a with message {@code FAILED_TO_ESTABLISH_TRUST}, carrying
 *                                the cause, if the verifier cannot be constructed
 */
private static b c() throws com.amazon.android.g.a {
    final b verifier;
    try {
        verifier = new b();
    } catch (GeneralSecurityException trustFailure) {
        throw new com.amazon.android.g.a("FAILED_TO_ESTABLISH_TRUST", trustFailure);
    }
    return verifier;
}
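/**
 * Returns the data authentication public key, loading it from the APK on first use.
 *
 * <p>Reconstructed by hand from the register-level instruction dump that JADX emitted for
 * this method; the decompiled stub only threw {@code UnsupportedOperationException}. The
 * control flow and string constants follow that dump and should be confirmed against the
 * bytecode before being relied on.
 *
 * <p>Steps:
 * <ol>
 *   <li>Return the key stored under {@code DATA_AUTHENTICATION_KEY} if present. A cached
 *       key is returned as-is, without repeating the checks below.</li>
 *   <li>Otherwise read the certificate path from the APK's {@code kiwi} entry.</li>
 *   <li>Require the first certificate to be X.509 with a subject name containing the four
 *       expected attribute strings, else fail with {@code CERT_INVALID}.</li>
 *   <li>Require the path to validate against the pinned anchors, else fail with
 *       {@code VERIFICATION_FAILED}.</li>
 *   <li>Store and return the first certificate's public key.</li>
 * </ol>
 *
 * @return the data authentication public key
 * @throws com.amazon.android.g.a if the APK cannot be read, the certificate is missing or
 *                                fails either check, or the verifier cannot be created
 */
public final java.security.PublicKey a() throws com.amazon.android.g.a {
    if (KiwiLogger.TRACE_ON) {
        a.trace("Loading data authentication key...");
    }
    if (KiwiLogger.TRACE_ON) {
        a.trace("Checking KiwiDataStore for key...");
    }
    java.security.PublicKey cachedKey = (java.security.PublicKey) this.c.a("DATA_AUTHENTICATION_KEY");
    if (KiwiLogger.TRACE_ON) {
        // The dump appends a 1/0 register; rendered here as a boolean — confirm.
        a.trace("Key was cached: " + (cachedKey != null));
    }
    if (cachedKey != null) {
        return cachedKey;
    }

    if (KiwiLogger.TRACE_ON) {
        a.trace("Loading authentication key from apk...");
    }
    // NOTE(review): the dump shows no close() on this JarFile.
    JarFile apk = b();
    JarEntry certEntry = a(apk);
    CertPath certPath = a(apk, certEntry);

    boolean subjectAccepted = false;
    if (certPath != null && certPath.getCertificates().size() > 0) {
        java.security.cert.Certificate first =
                (java.security.cert.Certificate) certPath.getCertificates().get(0);
        if (first instanceof java.security.cert.X509Certificate) {
            String subject =
                    ((java.security.cert.X509Certificate) first).getSubjectX500Principal().getName();
            if (KiwiLogger.TRACE_ON) {
                a.trace("Kiwi Cert Details: " + subject);
            }
            // NOTE(review): these are substring tests on the whole distinguished name, so
            // they do not tie each value to its own attribute. Parsing the name into its
            // attributes and comparing each one exactly would be stricter; as written, the
            // PKIX validation below is the check that actually establishes trust.
            subjectAccepted = subject.contains("O=Amazon.com\\, Inc.")
                    && subject.contains("C=US")
                    && subject.contains("ST=Washington")
                    && subject.contains("L=Seattle");
        }
    }
    if (!subjectAccepted) {
        throw new com.amazon.android.g.a("CERT_INVALID", (Throwable) null);
    }

    if (!c().a(certPath)) {
        throw new com.amazon.android.g.a("VERIFICATION_FAILED", (Throwable) null);
    }

    java.security.PublicKey loadedKey =
            ((java.security.cert.X509Certificate) certPath.getCertificates().get(0)).getPublicKey();
    if (KiwiLogger.TRACE_ON) {
        a.trace("Placing auth key into storage");
    }
    this.c.a("DATA_AUTHENTICATION_KEY", loadedKey);
    return loadedKey;
}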
- }