PageRenderTime 57ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 0ms

/AndroidBillingLibrary/src/net/robotmedia/billing/security/DefaultSignatureValidator.java

https://github.com/lujop/AndroidBillingLibrary
Java | 107 lines | 73 code | 11 blank | 23 comment | 6 complexity | 64ebe5b9392df1bd5dd77ec272dda736 MD5 | raw file
    

  1. /*   Copyright 2011 Robot Media SL (http://www.robotmedia.net)
    2. 

  2.  *
    3. 

  3.  *   Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4.  *   you may not use this file except in compliance with the License.
    5. 

  5.  *   You may obtain a copy of the License at
    6. 

  6.  *
    7. 

  7.  *       http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8.  *
    9. 

  9.  *   Unless required by applicable law or agreed to in writing, software
    10. 

  10.  *   distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11.  *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12.  *   See the License for the specific language governing permissions and
    13. 

  13.  *   limitations under the License.
    14. 

  14.  */
    15. 

  15. 

  16. package net.robotmedia.billing.security;
    17. 

  17. 

  18. import java.security.InvalidKeyException;
    19. 

  19. import java.security.KeyFactory;
    20. 

  20. import java.security.NoSuchAlgorithmException;
    21. 

  21. import java.security.PublicKey;
    22. 

  22. import java.security.Signature;
    23. 

  23. import java.security.SignatureException;
    24. 

  24. import java.security.spec.InvalidKeySpecException;
    25. 

  25. import java.security.spec.X509EncodedKeySpec;
    26. 

  26. 

  27. import android.text.TextUtils;
    28. 

  28. import android.util.Log;
    29. 

  29. import net.robotmedia.billing.BillingController;
    30. 

  30. import net.robotmedia.billing.utils.Base64;
    31. 

  31. import net.robotmedia.billing.utils.Base64DecoderException;
    32. 

  32. 

  33. public class DefaultSignatureValidator implements ISignatureValidator {
    34. 

  34. 

  35. 	protected static final String KEY_FACTORY_ALGORITHM = "RSA";
    36. 

  36. 	protected static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
    37. 

  37. 

  38. 	/**
    39. 

  39. 	 * Generates a PublicKey instance from a string containing the
    40. 

  40. 	 * Base64-encoded public key.
    41. 

  41. 	 * 
    42. 

  42. 	 * @param encodedPublicKey
    43. 

  43. 	 *            Base64-encoded public key
    44. 

  44. 	 * @throws IllegalArgumentException
    45. 

  45. 	 *             if encodedPublicKey is invalid
    46. 

  46. 	 */
    47. 

  47. 	protected PublicKey generatePublicKey(String encodedPublicKey) {
    48. 

  48. 		try {
    49. 

  49. 			byte[] decodedKey = Base64.decode(encodedPublicKey);
    50. 

  50. 			KeyFactory keyFactory = KeyFactory.getInstance(KEY_FACTORY_ALGORITHM);
    51. 

  51. 			return keyFactory.generatePublic(new X509EncodedKeySpec(decodedKey));
    52. 

  52. 		} catch (NoSuchAlgorithmException e) {
    53. 

  53. 			throw new RuntimeException(e);
    54. 

  54. 		} catch (InvalidKeySpecException e) {
    55. 

  55. 			Log.e(BillingController.LOG_TAG, "Invalid key specification.");
    56. 

  56. 			throw new IllegalArgumentException(e);
    57. 

  57. 		} catch (Base64DecoderException e) {
    58. 

  58. 			Log.e(BillingController.LOG_TAG, "Base64 decoding failed.");
    59. 

  59. 			throw new IllegalArgumentException(e);
    60. 

  60. 		}
    61. 

  61. 	}
    62. 

  62. 

  63. 	private BillingController.IConfiguration configuration;
    64. 

  64. 

  65. 	public DefaultSignatureValidator(BillingController.IConfiguration configuration) {
    66. 

  66. 		this.configuration = configuration;
    67. 

  67. 	}
    68. 

  68. 

  69. 	protected boolean validate(PublicKey publicKey, String signedData, String signature) {
    70. 

  70. 		Signature sig;
    71. 

  71. 		try {
    72. 

  72. 			sig = Signature.getInstance(SIGNATURE_ALGORITHM);
    73. 

  73. 			sig.initVerify(publicKey);
    74. 

  74. 			sig.update(signedData.getBytes());
    75. 

  75. 			if (!sig.verify(Base64.decode(signature))) {
    76. 

  76. 				Log.e(BillingController.LOG_TAG, "Signature verification failed.");
    77. 

  77. 				return false;
    78. 

  78. 			}
    79. 

  79. 			return true;
    80. 

  80. 		} catch (NoSuchAlgorithmException e) {
    81. 

  81. 			Log.e(BillingController.LOG_TAG, "NoSuchAlgorithmException");
    82. 

  82. 		} catch (InvalidKeyException e) {
    83. 

  83. 			Log.e(BillingController.LOG_TAG, "Invalid key specification");
    84. 

  84. 		} catch (SignatureException e) {
    85. 

  85. 			Log.e(BillingController.LOG_TAG, "Signature exception");
    86. 

  86. 		} catch (Base64DecoderException e) {
    87. 

  87. 			Log.e(BillingController.LOG_TAG, "Base64 decoding failed");
    88. 

  88. 		}
    89. 

  89. 		return false;
    90. 

  90. 	}
    91. 

  91. 

  92. 	@Override
    93. 

  93. 	public boolean validate(String signedData, String signature) {
    94. 

  94. 		final String publicKey;
    95. 

  95. 		if (configuration == null || TextUtils.isEmpty(publicKey = configuration.getPublicKey())) {
    96. 

  96. 			Log.w(BillingController.LOG_TAG, "Please set the public key or turn on debug mode");
    97. 

  97. 			return false;
    98. 

  98. 		}
    99. 

  99. 		if (signedData == null) {
    100. 

  100. 			Log.e(BillingController.LOG_TAG, "Data is null");
    101. 

  101. 			return false;
    102. 

  102. 		}
    103. 

  103. 		PublicKey key = generatePublicKey(publicKey);
    104. 

  104. 		return validate(key, signedData, signature);
    105. 

  105. 	}
    106. 

  106. 

  107. }
    108. 

  108.