processing-android icon indicating copy to clipboard operation
processing-android copied to clipboard

Published 20 hours ago verified publisher icon processing

Replace sun.security.pkc packages in JarSigner

Open codeanticode opened this issue 4 years ago • 2 comments

These create trouble building the library using Java 11 and targeting Java 8. A possible replacement is the Bouncy Castle libraries, used by APDE for example:

import org.spongycastle.asn1.x509.X509Name;
import org.spongycastle.jce.X509Principal;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.x509.X509V3CertificateGenerator;

...
  protected void writeKey(File keystoreFile, char[] keystorePassword, String alias, char[] password, int validity, String name, String orgUnit, String org, String city, String state, String country) {
  try {
    Security.addProvider(new BouncyCastleProvider());
			
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
    keyGen.initialize(1024, random);
    KeyPair pair = keyGen.generateKeyPair();
			
    X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();			
    X509Principal principal = new X509Principal("CN=" + formatDN(name) + ", OU=" + formatDN(orgUnit) + ", O=" + formatDN(org) + ", L=" + formatDN(city) + ", ST=" + formatDN(state) + ", C=" + formatDN(country));
			
    int serial = new SecureRandom().nextInt();
			
    v3CertGen.setSerialNumber(BigInteger.valueOf(serial < 0 ? -1 * serial : serial));
    v3CertGen.setIssuerDN(principal);
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365 * validity))); //TODO Doesn't take leap days / years into account...
    v3CertGen.setSubjectDN(principal);
    v3CertGen.setPublicKey(pair.getPublic());
    v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
			
    X509Certificate pkCertificate = v3CertGen.generateX509Certificate(pair.getPrivate());
			
    keystore.setKeyEntry(alias, pair.getPrivate(), password, new Certificate[] {pkCertificate});
			
    //Write the new key to the keystore
    writeKeystore(keystoreFile, keystorePassword);
			
    //Reload the keystore so that the new key will appear
    loadAliases((ArrayList<String>) loadKeystore(keystoreFile, keystorePassword).extra());
  } catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
  } catch (KeyStoreException e) {
    e.printStackTrace();
  } catch (InvalidKeyException e) {
    e.printStackTrace();
  } catch (SecurityException e) {
    e.printStackTrace();
  } catch (SignatureException e) {
    e.printStackTrace();
    }
  }

codeanticode avatar Jan 03 '21 15:01 codeanticode

Can i work on this issue

kartikeysaran avatar Mar 17 '21 09:03 kartikeysaran

Can i work on this issue

Hi @kartikeysaran its great that you are interested in this project !

Yes you can start the working on this issue.

Please have a look on #625 , Andres have explained here what all errors he got while doing this.

ranaaditya avatar Mar 29 '21 02:03 ranaaditya

No longer relevant as we do package signing through gradle

codeanticode avatar Mar 27 '23 03:03 codeanticode