399 private void writeSignatureSection(DataOutput out, 400 List<byte[]> hashes, 401 SignerParameters params) 402 throws IOException, SignatureException, NoSuchAlgorithmException { 403 404 ByteArrayOutputStream baos = new ByteArrayOutputStream(); 405 short hashLength; 406 for (byte[] hash : hashes) { 407 hashLength = (short) hash.length; 408 baos.write((byte) ((hashLength >>> 8) & 0xFF)); 409 baos.write((byte) ((hashLength >>> 0) & 0xFF)); 410 baos.write(hash, 0, hashLength); 411 } 412 byte[] toBeSigned = baos.toByteArray(); 413 414 // Compute the signature 415 SignedModule.PKCS7Signer signer = new SignedModule.PKCS7Signer(); 416 byte[] signature = signer.generateSignature(toBeSigned, params); 417 418 // Generate the hash for the signature header and content 419 baos = new ByteArrayOutputStream(); 420 DataOutputStream dos = new DataOutputStream(baos); 421 short signatureType = (short)signer.getSignatureType().value(); 422 dos.writeShort(signatureType); 423 short signatureLength = (short)signature.length; 424 dos.writeInt(signature.length); 425 byte[] signatureHeader = baos.toByteArray(); 426 MessageDigest md = MessageDigest.getInstance("SHA-256"); 427 md.update(signatureHeader); 428 md.update(signature); 429 byte[] hash = md.digest(); 430 431 // Write out the Signature Section 432 SectionHeader header = 433 new SectionHeader(FileConstants.ModuleFile.SectionType.SIGNATURE, 434 FileConstants.ModuleFile.Compressor.NONE, 435 signature.length + 6, 436 (short)0, hash); 437 header.write(out); 438 out.write(signatureHeader); 439 out.write(signature); 440 } 441 } 442 443 /** 444 * Returns true if KeyStore has a password. This is true except for 445 * MSCAPI KeyStores 446 */ 447 private static boolean isWindowsKeyStore(String storetype) { 448 return storetype.equalsIgnoreCase("Windows-MY") 449 || storetype.equalsIgnoreCase("Windows-ROOT"); 450 } 451 } | 399 private void writeSignatureSection(DataOutput out, 400 List<byte[]> hashes, 401 SignerParameters params) 402 throws IOException, SignatureException, NoSuchAlgorithmException { 403 404 ByteArrayOutputStream baos = new ByteArrayOutputStream(); 405 short hashLength; 406 for (byte[] hash : hashes) { 407 hashLength = (short) hash.length; 408 baos.write((byte) ((hashLength >>> 8) & 0xFF)); 409 baos.write((byte) ((hashLength >>> 0) & 0xFF)); 410 baos.write(hash, 0, hashLength); 411 } 412 byte[] toBeSigned = baos.toByteArray(); 413 414 // Compute the signature 415 SignedModule.PKCS7Signer signer = new SignedModule.PKCS7Signer(); 416 byte[] signature = signer.generateSignature(toBeSigned, params); 417 418 // Generate the hash for the signature header and content 419 SignatureSection signatureSection = 420 new SignatureSection(signer.getSignatureType().value(), 421 signature.length, signature); 422 baos = new ByteArrayOutputStream(); 423 DataOutputStream dos = new DataOutputStream(baos); 424 signatureSection.write(dos); 425 byte[] hash = MessageDigest.getInstance("SHA-256").digest(baos.toByteArray()); 426 427 // Write out the Signature Section 428 SectionHeader header = 429 new SectionHeader(FileConstants.ModuleFile.SectionType.SIGNATURE, 430 FileConstants.ModuleFile.Compressor.NONE, 431 signature.length + 6, 432 (short)0, hash); 433 header.write(out); 434 signatureSection.write(out); 435 } 436 } 437 438 /** 439 * Returns true if KeyStore has a password. This is true except for 440 * MSCAPI KeyStores 441 */ 442 private static boolean isWindowsKeyStore(String storetype) { 443 return storetype.equalsIgnoreCase("Windows-MY") 444 || storetype.equalsIgnoreCase("Windows-ROOT"); 445 } 446 } |