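/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.keystore.cts;

import static com.google.common.base.Functions.forMap;
import static com.google.common.collect.Collections2.transform;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;

import android.security.keystore.KeyProperties;
import android.util.Log;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1SequenceParser;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.ASN1InputStream;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateParsingException;
import java.text.DateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;

/**
 * Parsed form of a Keymaster authorization list, built from an ASN.1 sequence of tagged
 * entries.
 *
 * <p>Parsing is strict about tag numbers: an entry whose tag is not handled by the constructor
 * aborts parsing with a {@link CertificateParsingException}. Fields whose tag is absent keep
 * their default ({@code null} for reference/boxed fields, {@code false} for flags).
 */
public class AuthorizationList {
    // Algorithm values.
    public static final int KM_ALGORITHM_RSA = 1;
    public static final int KM_ALGORITHM_EC = 3;

    // EC Curves
    public static final int KM_EC_CURVE_P224 = 0;
    public static final int KM_EC_CURVE_P256 = 1;
    public static final int KM_EC_CURVE_P384 = 2;
    public static final int KM_EC_CURVE_P521 = 3;

    // Padding modes.
    public static final int KM_PAD_NONE = 1;
    public static final int KM_PAD_RSA_OAEP = 2;
    public static final int KM_PAD_RSA_PSS = 3;
    public static final int KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4;
    public static final int KM_PAD_RSA_PKCS1_1_5_SIGN = 5;

    // Digest modes.
    public static final int KM_DIGEST_NONE = 0;
    public static final int KM_DIGEST_MD5 = 1;
    public static final int KM_DIGEST_SHA1 = 2;
    public static final int KM_DIGEST_SHA_2_224 = 3;
    public static final int KM_DIGEST_SHA_2_256 = 4;
    public static final int KM_DIGEST_SHA_2_384 = 5;
    public static final int KM_DIGEST_SHA_2_512 = 6;

    // Key origins.
    public static final int KM_ORIGIN_GENERATED = 0;
    public static final int KM_ORIGIN_IMPORTED = 2;
    public static final int KM_ORIGIN_UNKNOWN = 3;

    // Operation Purposes.
    public static final int KM_PURPOSE_ENCRYPT = 0;
    public static final int KM_PURPOSE_DECRYPT = 1;
    public static final int KM_PURPOSE_SIGN = 2;
    public static final int KM_PURPOSE_VERIFY = 3;

    // User authenticators (bit flags, may be OR-ed together).
    public static final int HW_AUTH_PASSWORD = 1 << 0;
    public static final int HW_AUTH_FINGERPRINT = 1 << 1;

    // Keymaster tag classes: stored in the top four bits of a tag constant.
    private static final int KM_ENUM = 1 << 28;
    private static final int KM_ENUM_REP = 2 << 28;
    private static final int KM_UINT = 3 << 28;
    private static final int KM_ULONG = 5 << 28;
    private static final int KM_DATE = 6 << 28;
    private static final int KM_BOOL = 7 << 28;
    private static final int KM_BYTES = 9 << 28;

    // Tag class removal mask: keeps the low 28 bits, i.e. the number that is compared with the
    // ASN.1 tag number in the constructor.
    private static final int KEYMASTER_TAG_TYPE_MASK = 0x0FFFFFFF;

    // Keymaster tags
    private static final int KM_TAG_PURPOSE = KM_ENUM_REP | 1;
    private static final int KM_TAG_ALGORITHM = KM_ENUM | 2;
    private static final int KM_TAG_KEY_SIZE = KM_UINT | 3;
    private static final int KM_TAG_DIGEST = KM_ENUM_REP | 5;
    private static final int KM_TAG_PADDING = KM_ENUM_REP | 6;
    private static final int KM_TAG_EC_CURVE = KM_ENUM | 10;
    private static final int KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200;
    private static final int KM_TAG_ROLLBACK_RESISTANCE = KM_BOOL | 303;
    private static final int KM_TAG_ACTIVE_DATETIME = KM_DATE | 400;
    private static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401;
    private static final int KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402;
    private static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503;
    private static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504;
    private static final int KM_TAG_AUTH_TIMEOUT = KM_UINT | 505;
    private static final int KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL | 506;
    private static final int KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED = KM_BOOL | 507;
    private static final int KM_TAG_TRUSTED_CONFIRMATION_REQUIRED = KM_BOOL | 508;
    private static final int KM_TAG_UNLOCKED_DEVICE_REQUIRED = KM_BOOL | 509;
    private static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600;
    private static final int KM_TAG_CREATION_DATETIME = KM_DATE | 701;
    private static final int KM_TAG_ORIGIN = KM_ENUM | 702;
    private static final int KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703;
    private static final int KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704;
    private static final int KM_TAG_OS_VERSION = KM_UINT | 705;
    private static final int KM_TAG_OS_PATCHLEVEL = KM_UINT | 706;
    private static final int KM_TAG_ATTESTATION_APPLICATION_ID = KM_BYTES | 709;
    private static final int KM_TAG_ATTESTATION_ID_BRAND = KM_BYTES | 710;
    private static final int KM_TAG_ATTESTATION_ID_DEVICE = KM_BYTES | 711;
    private static final int KM_TAG_ATTESTATION_ID_PRODUCT = KM_BYTES | 712;
    private static final int KM_TAG_ATTESTATION_ID_SERIAL = KM_BYTES | 713;
    private static final int KM_TAG_ATTESTATION_ID_IMEI = KM_BYTES | 714;
    private static final int KM_TAG_ATTESTATION_ID_MEID = KM_BYTES | 715;
    private static final int KM_TAG_ATTESTATION_ID_MANUFACTURER = KM_BYTES | 716;
    private static final int KM_TAG_ATTESTATION_ID_MODEL = KM_BYTES | 717;
    private static final int KM_TAG_VENDOR_PATCHLEVEL = KM_UINT | 718;
    private static final int KM_TAG_BOOT_PATCHLEVEL = KM_UINT | 719;

    // Map for converting padding values to strings
    private static final ImmutableMap<Integer, String> paddingMap = ImmutableMap
            .<Integer, String> builder()
            .put(KM_PAD_NONE, "NONE")
            .put(KM_PAD_RSA_OAEP, "OAEP")
            .put(KM_PAD_RSA_PSS, "PSS")
            .put(KM_PAD_RSA_PKCS1_1_5_ENCRYPT, "PKCS1 ENCRYPT")
            .put(KM_PAD_RSA_PKCS1_1_5_SIGN, "PKCS1 SIGN")
            .build();

    // Map for converting digest values to strings
    private static final ImmutableMap<Integer, String> digestMap = ImmutableMap
            .<Integer, String> builder()
            .put(KM_DIGEST_NONE, "NONE")
            .put(KM_DIGEST_MD5, "MD5")
            .put(KM_DIGEST_SHA1, "SHA1")
            .put(KM_DIGEST_SHA_2_224, "SHA224")
            .put(KM_DIGEST_SHA_2_256, "SHA256")
            .put(KM_DIGEST_SHA_2_384, "SHA384")
            .put(KM_DIGEST_SHA_2_512, "SHA512")
            .build();

    // Map for converting purpose values to strings
    private static final ImmutableMap<Integer, String> purposeMap = ImmutableMap
            .<Integer, String> builder()
            .put(KM_PURPOSE_DECRYPT, "DECRYPT")
            .put(KM_PURPOSE_ENCRYPT, "ENCRYPT")
            .put(KM_PURPOSE_SIGN, "SIGN")
            .put(KM_PURPOSE_VERIFY, "VERIFY")
            .build();

    // Parsed values. Reference and boxed fields stay null, and boolean flags stay false, when
    // the corresponding tag does not occur in the parsed sequence.
    private Set<Integer> purposes;
    private Integer algorithm;
    private Integer keySize;
    private Set<Integer> digests;
    private Set<Integer> paddingModes;
    private Integer ecCurve;
    private Long rsaPublicExponent;
    private Date activeDateTime;
    private Date originationExpireDateTime;
    private Date usageExpireDateTime;
    private boolean noAuthRequired;
    private Integer userAuthType;
    private Integer authTimeout;
    private boolean allowWhileOnBody;
    private boolean allApplications;
    // Never assigned anywhere in this class, so getApplicationId() always returns null.
    private byte[] applicationId;
    private Date creationDateTime;
    private Integer origin;
    private boolean rollbackResistant;
    private boolean rollbackResistance;
    private RootOfTrust rootOfTrust;
    private Integer osVersion;
    private Integer osPatchLevel;
    private Integer vendorPatchLevel;
    private Integer bootPatchLevel;
    private AttestationApplicationId attestationApplicationId;
    private String brand;
    private String device;
    private String serialNumber;
    private String imei;
    private String meid;
    private String product;
    private String manufacturer;
    private String model;
    private boolean userPresenceRequired;
    private boolean confirmationRequired;

    /**
     * Parses an authorization list from its ASN.1 representation.
     *
     * @param sequence the ASN.1 value to parse; must be an {@link ASN1Sequence} whose elements
     *         are all tagged objects
     * @throws CertificateParsingException if {@code sequence} is {@code null} or not a sequence,
     *         if an element is not a tagged object, if reading the sequence fails, or if an
     *         element carries a tag number this class does not handle
     */
    public AuthorizationList(ASN1Encodable sequence) throws CertificateParsingException {
        if (!(sequence instanceof ASN1Sequence)) {
            // instanceof is false for null too; report it as a parse error instead of letting
            // sequence.getClass() raise a NullPointerException.
            throw new CertificateParsingException("Expected sequence for authorization list, found "
                    + (sequence == null ? "null" : sequence.getClass().getName()));
        }

        ASN1SequenceParser parser = ((ASN1Sequence) sequence).parser();
        ASN1TaggedObject entry = parseAsn1TaggedObject(parser);
        // NOTE(review): a tag that occurs twice silently overwrites the earlier value (last one
        // wins). Code that makes trust decisions from these fields may prefer to reject
        // duplicates; confirm against the attestation schema before changing this.
        for (; entry != null; entry = parseAsn1TaggedObject(parser)) {
            int tag = entry.getTagNo();
            ASN1Primitive value = entry.getObject();
            // NOTE(review): every raw value is written to the log at INFO level, including the
            // device-identifier entries (serial, IMEI, MEID) and the root of trust. Redact or
            // drop the value if this parser is reused outside of test diagnostics.
            Log.i("Attestation", "Parsing tag: [" + tag + "], value: [" + value + "]");
            switch (tag) {
                case KM_TAG_PURPOSE & KEYMASTER_TAG_TYPE_MASK:
                    purposes = Asn1Utils.getIntegersFromAsn1Set(value);
                    break;
                case KM_TAG_ALGORITHM & KEYMASTER_TAG_TYPE_MASK:
                    algorithm = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_KEY_SIZE & KEYMASTER_TAG_TYPE_MASK:
                    keySize = Asn1Utils.getIntegerFromAsn1(value);
                    Log.i("Attestation", "Found KEY SIZE, value: " + keySize);
                    break;
                case KM_TAG_DIGEST & KEYMASTER_TAG_TYPE_MASK:
                    digests = Asn1Utils.getIntegersFromAsn1Set(value);
                    break;
                case KM_TAG_PADDING & KEYMASTER_TAG_TYPE_MASK:
                    paddingModes = Asn1Utils.getIntegersFromAsn1Set(value);
                    break;
                case KM_TAG_RSA_PUBLIC_EXPONENT & KEYMASTER_TAG_TYPE_MASK:
                    rsaPublicExponent = Asn1Utils.getLongFromAsn1(value);
                    break;
                // Flag entries: only the presence of the tag matters, the value is not read.
                case KM_TAG_NO_AUTH_REQUIRED & KEYMASTER_TAG_TYPE_MASK:
                    noAuthRequired = true;
                    break;
                case KM_TAG_CREATION_DATETIME & KEYMASTER_TAG_TYPE_MASK:
                    creationDateTime = Asn1Utils.getDateFromAsn1(value);
                    break;
                case KM_TAG_ORIGIN & KEYMASTER_TAG_TYPE_MASK:
                    origin = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_OS_VERSION & KEYMASTER_TAG_TYPE_MASK:
                    osVersion = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_OS_PATCHLEVEL & KEYMASTER_TAG_TYPE_MASK:
                    osPatchLevel = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_VENDOR_PATCHLEVEL & KEYMASTER_TAG_TYPE_MASK:
                    vendorPatchLevel = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_BOOT_PATCHLEVEL & KEYMASTER_TAG_TYPE_MASK:
                    bootPatchLevel = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_ACTIVE_DATETIME & KEYMASTER_TAG_TYPE_MASK:
                    activeDateTime = Asn1Utils.getDateFromAsn1(value);
                    break;
                case KM_TAG_ORIGINATION_EXPIRE_DATETIME & KEYMASTER_TAG_TYPE_MASK:
                    originationExpireDateTime = Asn1Utils.getDateFromAsn1(value);
                    break;
                case KM_TAG_USAGE_EXPIRE_DATETIME & KEYMASTER_TAG_TYPE_MASK:
                    usageExpireDateTime = Asn1Utils.getDateFromAsn1(value);
                    break;
                case KM_TAG_ROLLBACK_RESISTANT & KEYMASTER_TAG_TYPE_MASK:
                    rollbackResistant = true;
                    break;
                case KM_TAG_ROLLBACK_RESISTANCE & KEYMASTER_TAG_TYPE_MASK:
                    rollbackResistance = true;
                    break;
                case KM_TAG_AUTH_TIMEOUT & KEYMASTER_TAG_TYPE_MASK:
                    authTimeout = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_ALLOW_WHILE_ON_BODY & KEYMASTER_TAG_TYPE_MASK:
                    allowWhileOnBody = true;
                    break;
                case KM_TAG_EC_CURVE & KEYMASTER_TAG_TYPE_MASK:
                    ecCurve = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_USER_AUTH_TYPE & KEYMASTER_TAG_TYPE_MASK:
                    userAuthType = Asn1Utils.getIntegerFromAsn1(value);
                    break;
                case KM_TAG_ROOT_OF_TRUST & KEYMASTER_TAG_TYPE_MASK:
                    rootOfTrust = new RootOfTrust(value);
                    break;
                case KM_TAG_ATTESTATION_APPLICATION_ID & KEYMASTER_TAG_TYPE_MASK:
                    // The entry's byte array is itself decoded as ASN.1 before being handed to
                    // AttestationApplicationId.
                    attestationApplicationId = new AttestationApplicationId(Asn1Utils
                            .getAsn1EncodableFromBytes(Asn1Utils.getByteArrayFromAsn1(value)));
                    break;
                case KM_TAG_ATTESTATION_ID_BRAND & KEYMASTER_TAG_TYPE_MASK:
                    brand = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_DEVICE & KEYMASTER_TAG_TYPE_MASK:
                    device = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_PRODUCT & KEYMASTER_TAG_TYPE_MASK:
                    product = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_SERIAL & KEYMASTER_TAG_TYPE_MASK:
                    serialNumber = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_IMEI & KEYMASTER_TAG_TYPE_MASK:
                    imei = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_MEID & KEYMASTER_TAG_TYPE_MASK:
                    meid = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_MANUFACTURER & KEYMASTER_TAG_TYPE_MASK:
                    manufacturer = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ATTESTATION_ID_MODEL & KEYMASTER_TAG_TYPE_MASK:
                    model = getStringFromAsn1Value(value);
                    break;
                case KM_TAG_ALL_APPLICATIONS & KEYMASTER_TAG_TYPE_MASK:
                    allApplications = true;
                    break;
                case KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED & KEYMASTER_TAG_TYPE_MASK:
                    userPresenceRequired = true;
                    break;
                case KM_TAG_TRUSTED_CONFIRMATION_REQUIRED & KEYMASTER_TAG_TYPE_MASK:
                    confirmationRequired = true;
                    break;
                default:
                    // Fail closed: an unrecognised tag aborts parsing rather than being skipped.
                    // KM_TAG_UNLOCKED_DEVICE_REQUIRED is declared above but has no case, so it
                    // ends up here as well.
                    throw new CertificateParsingException("Unknown tag " + tag + " found");
            }
        }
    }

    /** Returns "RSA" or "ECDSA" for the known algorithm values, "Unknown" otherwise. */
    public static String algorithmToString(int algorithm) {
        switch (algorithm) {
            case KM_ALGORITHM_RSA:
                return "RSA";
            case KM_ALGORITHM_EC:
                return "ECDSA";
            default:
                return "Unknown";
        }
    }

    /** Formats padding mode values as a bracketed, comma-separated list of names. */
    public static String paddingModesToString(final Set<Integer> paddingModes) {
        return joinStrings(transform(paddingModes, forMap(paddingMap, "Unknown")));
    }

    /** Returns the name of one padding mode value, or "Unknown" if it is not in the map. */
    public static String paddingModeToString(int paddingMode) {
        return forMap(paddingMap, "Unknown").apply(paddingMode);
    }

    /** Formats digest values as a bracketed, comma-separated list of names. */
    public static String digestsToString(Set<Integer> digests) {
        return joinStrings(transform(digests, forMap(digestMap, "Unknown")));
    }

    /** Returns the name of one digest value, or "Unknown" if it is not in the map. */
    public static String digestToString(int digest) {
        return forMap(digestMap, "Unknown").apply(digest);
    }

    /** Formats purpose values as a bracketed, comma-separated list of names. */
    public static String purposesToString(Set<Integer> purposes) {
        return joinStrings(transform(purposes, forMap(purposeMap, "Unknown")));
    }

    /**
     * Formats the authenticator bit mask as a bracketed list. Only the fingerprint and password
     * bits are reported; any other bit is ignored.
     */
    public static String userAuthTypeToString(int userAuthType) {
        List<String> types = Lists.newArrayList();
        if ((userAuthType & HW_AUTH_FINGERPRINT) != 0) {
            types.add("Fingerprint");
        }
        if ((userAuthType & HW_AUTH_PASSWORD) != 0) {
            types.add("Password");
        }
        return joinStrings(types);
    }

    /** Returns a display name for a key origin value, "Unknown" for unrecognised values. */
    public static String originToString(int origin) {
        switch (origin) {
            case KM_ORIGIN_GENERATED:
                return "Generated";
            case KM_ORIGIN_IMPORTED:
                return "Imported";
            case KM_ORIGIN_UNKNOWN:
                return "Unknown (KM0)";
            default:
                return "Unknown";
        }
    }

    /** Joins the strings with ", " and wraps the result in square brackets. */
    private static String joinStrings(Collection<String> collection) {
        return "[" + Joiner.on(", ").join(collection) + "]";
    }

    /** Formats a date with the default date/time style of the default locale. */
    private static String formatDate(Date date) {
        return DateFormat.getDateTimeInstance().format(date);
    }

    /**
     * Reads the next element and requires it to be a tagged object.
     *
     * @return the next tagged object, or {@code null} when the parser returns no further element
     * @throws CertificateParsingException if the element is of any other ASN.1 type
     */
    private static ASN1TaggedObject parseAsn1TaggedObject(ASN1SequenceParser parser)
            throws CertificateParsingException {
        ASN1Encodable asn1Encodable = parseAsn1Encodable(parser);
        if (asn1Encodable == null || asn1Encodable instanceof ASN1TaggedObject) {
            return (ASN1TaggedObject) asn1Encodable;
        }
        throw new CertificateParsingException(
                "Expected tagged object, found " + asn1Encodable.getClass().getName());
    }

    /** Reads the next element, converting an I/O failure into a parsing exception. */
    private static ASN1Encodable parseAsn1Encodable(ASN1SequenceParser parser)
            throws CertificateParsingException {
        try {
            return parser.readObject();
        } catch (IOException e) {
            throw new CertificateParsingException("Failed to parse ASN1 sequence", e);
        }
    }

    /** Returns the purpose values, or {@code null} if the purpose tag was absent. */
    public Set<Integer> getPurposes() {
        return purposes;
    }

    /** Returns the algorithm value, or {@code null} if the algorithm tag was absent. */
    public Integer getAlgorithm() {
        return algorithm;
    }

    /** Returns the key size, or {@code null} if the key size tag was absent. */
    public Integer getKeySize() {
        return keySize;
    }

    /** Returns the digest values, or {@code null} if the digest tag was absent. */
    public Set<Integer> getDigests() {
        return digests;
    }

    /** Returns the padding mode values, or {@code null} if the padding tag was absent. */
    public Set<Integer> getPaddingModes() {
        return paddingModes;
    }

    /**
     * Maps the parsed padding modes to the corresponding {@link KeyProperties} constants.
     *
     * @return the mapped names; an empty set if the padding tag was absent
     * @throws CertificateParsingException if a padding mode has no mapping
     */
    public Set<String> getPaddingModesAsStrings() throws CertificateParsingException {
        if (paddingModes == null) {
            return ImmutableSet.of();
        }

        ImmutableSet.Builder<String> builder = ImmutableSet.builder();
        for (int paddingMode : paddingModes) {
            switch (paddingMode) {
                case KM_PAD_NONE:
                    builder.add(KeyProperties.ENCRYPTION_PADDING_NONE);
                    break;
                case KM_PAD_RSA_OAEP:
                    builder.add(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP);
                    break;
                case KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
                    builder.add(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1);
                    break;
                case KM_PAD_RSA_PKCS1_1_5_SIGN:
                    builder.add(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
                    break;
                case KM_PAD_RSA_PSS:
                    builder.add(KeyProperties.SIGNATURE_PADDING_RSA_PSS);
                    break;
                default:
                    throw new CertificateParsingException("Invalid padding mode " + paddingMode);
            }
        }
        return builder.build();
    }

    /** Returns the EC curve value, or {@code null} if the curve tag was absent. */
    public Integer getEcCurve() {
        return ecCurve;
    }

    /**
     * Returns the curve name for the parsed curve value: "NULL" when no curve was parsed and
     * "unknown" for a value outside the four known curves.
     */
    public String ecCurveAsString() {
        if (ecCurve == null) {
            return "NULL";
        }

        switch (ecCurve) {
            case KM_EC_CURVE_P224:
                return "secp224r1";
            case KM_EC_CURVE_P256:
                return "secp256r1";
            case KM_EC_CURVE_P384:
                return "secp384r1";
            case KM_EC_CURVE_P521:
                return "secp521r1";
            default:
                return "unknown";
        }
    }

    /** Returns the RSA public exponent, or {@code null} if its tag was absent. */
    public Long getRsaPublicExponent() {
        return rsaPublicExponent;
    }

    /** Returns the active date, or {@code null} if its tag was absent. */
    public Date getActiveDateTime() {
        return activeDateTime;
    }

    /** Returns the origination expiry date, or {@code null} if its tag was absent. */
    public Date getOriginationExpireDateTime() {
        return originationExpireDateTime;
    }

    /** Returns the usage expiry date, or {@code null} if its tag was absent. */
    public Date getUsageExpireDateTime() {
        return usageExpireDateTime;
    }

    /** Returns {@code true} if the no-auth-required tag was present. */
    public boolean isNoAuthRequired() {
        return noAuthRequired;
    }

    /** Returns the user authenticator bit mask, or {@code null} if its tag was absent. */
    public Integer getUserAuthType() {
        return userAuthType;
    }

    /** Returns the auth timeout, or {@code null} if its tag was absent. */
    public Integer getAuthTimeout() {
        return authTimeout;
    }

    /** Returns {@code true} if the allow-while-on-body tag was present. */
    public boolean isAllowWhileOnBody() {
        return allowWhileOnBody;
    }

    /** Returns {@code true} if the all-applications tag was present. */
    public boolean isAllApplications() {
        return allApplications;
    }

    /** Returns the application id; always {@code null} because this class never sets it. */
    public byte[] getApplicationId() {
        return applicationId;
    }

    /** Returns the creation date, or {@code null} if its tag was absent. */
    public Date getCreationDateTime() {
        return creationDateTime;
    }

    /** Returns the key origin value, or {@code null} if its tag was absent. */
    public Integer getOrigin() {
        return origin;
    }

    /** Returns {@code true} if the rollback-resistant tag (703) was present. */
    public boolean isRollbackResistant() {
        return rollbackResistant;
    }

    /** Returns {@code true} if the rollback-resistance tag (303) was present. */
    public boolean isRollbackResistance() {
        return rollbackResistance;
    }

    /** Returns the parsed root of trust, or {@code null} if its tag was absent. */
    public RootOfTrust getRootOfTrust() {
        return rootOfTrust;
    }

    /** Returns the OS version, or {@code null} if its tag was absent. */
    public Integer getOsVersion() {
        return osVersion;
    }

    /** Returns the OS patch level, or {@code null} if its tag was absent. */
    public Integer getOsPatchLevel() {
        return osPatchLevel;
    }

    /** Returns the vendor patch level, or {@code null} if its tag was absent. */
    public Integer getVendorPatchLevel() {
        return vendorPatchLevel;
    }

    /** Returns the boot patch level, or {@code null} if its tag was absent. */
    public Integer getBootPatchLevel() {
        return bootPatchLevel;
    }

    /** Returns the attestation application id, or {@code null} if its tag was absent. */
    public AttestationApplicationId getAttestationApplicationId() {
        return attestationApplicationId;
    }

    /** Returns the attested brand, or {@code null} if its tag was absent. */
    public String getBrand() {
        return brand;
    }

    /** Returns the attested device name, or {@code null} if its tag was absent. */
    public String getDevice() {
        return device;
    }

    /** Returns the attested serial number, or {@code null} if its tag was absent. */
    public String getSerialNumber() {
        return serialNumber;
    }

    /** Returns the attested IMEI, or {@code null} if its tag was absent. */
    public String getImei() {
        return imei;
    }

    /** Returns the attested MEID, or {@code null} if its tag was absent. */
    public String getMeid() {
        return meid;
    }

    /** Returns the attested product name, or {@code null} if its tag was absent. */
    public String getProduct() {
        return product;
    }

    /** Returns the attested manufacturer, or {@code null} if its tag was absent. */
    public String getManufacturer() {
        return manufacturer;
    }

    /** Returns the attested model, or {@code null} if its tag was absent. */
    public String getModel() {
        return model;
    }

    /** Returns {@code true} if the trusted-user-presence-required tag was present. */
    public boolean isUserPresenceRequired() {
        return userPresenceRequired;
    }

    /** Returns {@code true} if the trusted-confirmation-required tag was present. */
    public boolean isConfirmationRequired() {
        return confirmationRequired;
    }

    /** Decodes an octet-string entry as text, reporting an encoding failure as a parse error. */
    private String getStringFromAsn1Value(ASN1Primitive value) throws CertificateParsingException {
        try {
            return Asn1Utils.getStringFromAsn1OctetStreamAssumingUTF8(value);
        } catch (UnsupportedEncodingException e) {
            throw new CertificateParsingException("Error parsing ASN.1 value", e);
        }
    }

    /**
     * Returns a multi-line description with one "\nLabel: value" entry per parsed field.
     *
     * <p>Only a subset of the fields is printed: of the attested identifiers, brand and device
     * appear, while serial number, IMEI, MEID, product, manufacturer and model do not.
     */
    @Override
    public String toString() {
        StringBuilder s = new StringBuilder();

        if (algorithm != null) {
            s.append("\nAlgorithm: ").append(algorithmToString(algorithm));
        }

        if (keySize != null) {
            s.append("\nKeySize: ").append(keySize);
        }

        if (purposes != null && !purposes.isEmpty()) {
            s.append("\nPurposes: ").append(purposesToString(purposes));
        }

        if (digests != null && !digests.isEmpty()) {
            s.append("\nDigests: ").append(digestsToString(digests));
        }

        if (paddingModes != null && !paddingModes.isEmpty()) {
            s.append("\nPadding modes: ").append(paddingModesToString(paddingModes));
        }

        if (ecCurve != null) {
            s.append("\nEC Curve: ").append(ecCurveAsString());
        }

        if (rsaPublicExponent != null) {
            s.append("\nRSA exponent: ").append(rsaPublicExponent);
        }

        if (activeDateTime != null) {
            s.append("\nActive: ").append(formatDate(activeDateTime));
        }

        if (originationExpireDateTime != null) {
            s.append("\nOrigination expire: ").append(formatDate(originationExpireDateTime));
        }

        if (usageExpireDateTime != null) {
            s.append("\nUsage expire: ").append(formatDate(usageExpireDateTime));
        }

        // Authenticator details are printed only when authentication is actually required.
        if (!noAuthRequired && userAuthType != null) {
            s.append("\nAuth types: ").append(userAuthTypeToString(userAuthType));
            if (authTimeout != null) {
                s.append("\nAuth timeout: ").append(authTimeout);
            }
        }

        if (applicationId != null) {
            // Explicit charset so the text does not depend on the platform default.
            s.append("\nApplication ID: ")
                    .append(new String(applicationId, java.nio.charset.StandardCharsets.UTF_8));
        }

        if (creationDateTime != null) {
            s.append("\nCreated: ").append(formatDate(creationDateTime));
        }

        if (origin != null) {
            s.append("\nOrigin: ").append(originToString(origin));
        }

        if (rollbackResistant) {
            s.append("\nRollback resistant: true");
        }

        if (rollbackResistance) {
            s.append("\nRollback resistance: true");
        }

        if (rootOfTrust != null) {
            s.append("\nRoot of Trust:\n");
            s.append(rootOfTrust);
        }

        if (osVersion != null) {
            s.append("\nOS Version: ").append(osVersion);
        }

        if (osPatchLevel != null) {
            s.append("\nOS Patchlevel: ").append(osPatchLevel);
        }

        if (vendorPatchLevel != null) {
            s.append("\nVendor Patchlevel: ").append(vendorPatchLevel);
        }

        if (bootPatchLevel != null) {
            s.append("\nBoot Patchlevel: ").append(bootPatchLevel);
        }

        if (attestationApplicationId != null) {
            s.append("\nAttestation Application Id:").append(attestationApplicationId);
        }

        if (userPresenceRequired) {
            s.append("\nUser presence required");
        }

        if (confirmationRequired) {
            s.append("\nConfirmation required");
        }

        if (brand != null) {
            s.append("\nBrand: ").append(brand);
        }
        if (device != null) {
            s.append("\nDevice type: ").append(device);
        }
        return s.toString();
    }
}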