Improve Keygen yet again

2019-10-26 21:11:32 -04:00 · 2019-10-26 21:11:32 -04:00 · ee447bc4ce
commit ee447bc4ce
parent 31153e4366
1 changed files with 11 additions and 15 deletions
--- a/app/src/main/java/com/topjohnwu/magisk/utils/Keygen.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/utils/Keygen.kt
@ -15,7 +15,6 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
 import org.koin.core.context.GlobalContext
 import org.koin.core.context.startKoin
 import timber.log.Timber
-import java.io.ByteArrayInputStream
 import java.io.ByteArrayOutputStream
 import java.math.BigInteger
 import java.security.KeyPairGenerator
@ -37,15 +36,14 @@ class Keygen: CertKeyProvider {

    companion object {
        private const val ALIAS = "magisk"
-        private val PASSWORD = "magisk".toCharArray()
+        private val PASSWORD get() = "magisk".toCharArray()
        private const val TESTKEY_CERT = "61ed377e85d386a8dfee6b864bd85b0bfaa5af81"
-        private const val DNAME = "CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US"
+        private const val DNAME = "C=US,ST=California,L=Mountain View,O=Google Inc.,OU=Android,CN=Android"
+        private const val BASE64_FLAG = Base64.NO_PADDING or Base64.NO_WRAP
    }

-    private val start get() = Calendar.getInstance()
-    private val end get() = Calendar.getInstance().apply {
-        add(Calendar.YEAR, 20)
-    }
+    private val start = Calendar.getInstance()
+    private val end = Calendar.getInstance().apply { add(Calendar.YEAR, 30) }

    override val cert get() = provider.cert
    override val key get() = provider.key
@ -104,9 +102,7 @@ class Keygen: CertKeyProvider {
        if (raw.isEmpty()) {
            ks.load(null)
        } else {
-            GZIPInputStream(ByteArrayInputStream(
-                    Base64.decode(raw, Base64.NO_PADDING or Base64.NO_WRAP)
-            )).use {
+            GZIPInputStream(Base64.decode(raw, BASE64_FLAG).inputStream()).use {
                ks.load(it, PASSWORD)
            }
        }
@ -116,20 +112,20 @@ class Keygen: CertKeyProvider {
            return ks

        // Generate new private key and certificate
-        val kp = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }.genKeyPair()
+        val kp = KeyPairGenerator.getInstance("RSA").apply { initialize(4096) }.genKeyPair()
        val dname = X500Name(DNAME)
-        val builder = JcaX509v3CertificateBuilder(dname,
-                BigInteger.valueOf(start.timeInMillis), start.time, end.time, dname, kp.public)
+        val builder = JcaX509v3CertificateBuilder(dname, BigInteger(160, Random()),
+            start.time, end.time, dname, kp.public)
        val signer = JcaContentSignerBuilder("SHA256WithRSA").build(kp.private)
        val cert = JcaX509CertificateConverter().getCertificate(builder.build(signer))

        // Store them into keystore
        ks.setKeyEntry(ALIAS, kp.private, PASSWORD, arrayOf(cert))
        val bytes = ByteArrayOutputStream()
-        GZIPOutputStream(Base64OutputStream(bytes, Base64.NO_PADDING or Base64.NO_WRAP)).use {
+        GZIPOutputStream(Base64OutputStream(bytes, BASE64_FLAG)).use {
            ks.store(it, PASSWORD)
        }
-        Config.keyStoreRaw = bytes.toString()
+        Config.keyStoreRaw = bytes.toString("UTF-8")

        return ks
    }