am 69779458: am 7878883e: Merge "Remove direct reference to X509CertImpl"

import java.security.PublicKey;

import java.security.Signature;

import java.security.SignatureException;

import java.security.cert.Certificate;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.util.Collection;

import java.util.Enumeration;

import java.util.HashSet;

import java.util.Iterator;

import org.apache.harmony.security.pkcs7.ContentInfo;

import org.apache.harmony.security.pkcs7.SignedData;

import org.apache.harmony.security.pkcs7.SignerInfo;

import org.apache.harmony.security.provider.cert.X509CertImpl;

import org.apache.harmony.security.x509.Certificate;

/**

 * RecoverySystem contains methods for interacting with the Android

    }

    /** @return the set of certs that can be used to sign an OTA package. */

    private static HashSet<Certificate> getTrustedCerts(File keystore)

    private static HashSet<X509Certificate> getTrustedCerts(File keystore)

        throws IOException, GeneralSecurityException {

        HashSet<Certificate> trusted = new HashSet<Certificate>();

        HashSet<X509Certificate> trusted = new HashSet<X509Certificate>();

        if (keystore == null) {

            keystore = DEFAULT_KEYSTORE;

        }

                ZipEntry entry = entries.nextElement();

                InputStream is = zip.getInputStream(entry);

                try {

                    trusted.add(cf.generateCertificate(is));

                    trusted.add((X509Certificate) cf.generateCertificate(is));

                } finally {

                    is.close();

                }

            if (signedData == null) {

                throw new IOException("signedData is null");

            }

            Collection encCerts = signedData.getCertificates();

            List<Certificate> encCerts = signedData.getCertificates();

            if (encCerts.isEmpty()) {

                throw new IOException("encCerts is empty");

            }

            // Take the first certificate from the signature (packages

            // should contain only one).

            Iterator it = encCerts.iterator();

            Iterator<Certificate> it = encCerts.iterator();

            X509Certificate cert = null;

            if (it.hasNext()) {

                cert = new X509CertImpl((org.apache.harmony.security.x509.Certificate)it.next());

                CertificateFactory cf = CertificateFactory.getInstance("X.509");

                InputStream is = new ByteArrayInputStream(it.next().getEncoded());

                cert = (X509Certificate) cf.generateCertificate(is);

            } else {

                throw new SignatureException("signature contains no certificates");

            }

            List sigInfos = signedData.getSignerInfos();

            List<SignerInfo> sigInfos = signedData.getSignerInfos();

            SignerInfo sigInfo;

            if (!sigInfos.isEmpty()) {

                sigInfo = (SignerInfo)sigInfos.get(0);

            // Check that the public key of the certificate contained

            // in the package equals one of our trusted public keys.

            HashSet<Certificate> trusted = getTrustedCerts(

            HashSet<X509Certificate> trusted = getTrustedCerts(

                deviceCertsZipFile == null ? DEFAULT_KEYSTORE : deviceCertsZipFile);

            PublicKey signatureKey = cert.getPublicKey();

            boolean verified = false;

            for (Certificate c : trusted) {

            for (X509Certificate c : trusted) {

                if (c.getPublicKey().equals(signatureKey)) {

                    verified = true;

                    break;