src/main/java/com/android/tools/build/apkzlib/sign/SignatureAlgorithm.java

/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.tools.build.apkzlib.sign;

import java.security.NoSuchAlgorithmException;
import javax.annotation.Nonnull;

/**
 * Signature algorithm.
 */
public enum SignatureAlgorithm {
    /** RSA algorithm. */
    RSA("RSA", 1, "withRSA"),

    /** ECDSA algorithm. */
    ECDSA("EC", 18, "withECDSA"),

    /** DSA algorithm. */
    DSA("DSA", 1, "withDSA");

    /** Name of the private key as reported by {@code PrivateKey}. */
    @Nonnull public final String keyAlgorithm;

    /**
     * Minimum SDK version that allows this signature.
     */
    public final int minSdkVersion;

    /**
     * Suffix appended to digest algorithm to obtain signature algorithm.
     */
    @Nonnull
    public final String signatureAlgorithmSuffix;

    /**
     * Creates a new signature algorithm.
     *
     * @param keyAlgorithm the name as reported by {@code PrivateKey}
     * @param minSdkVersion minimum SDK version that allows this signature
     * @param signatureAlgorithmSuffix suffix for signature name with used with a digest
     */
    SignatureAlgorithm(
            @Nonnull String keyAlgorithm, int minSdkVersion, @Nonnull String signatureAlgorithmSuffix) {
        this.keyAlgorithm = keyAlgorithm;
        this.minSdkVersion = minSdkVersion;
        this.signatureAlgorithmSuffix = signatureAlgorithmSuffix;
    }

    /**
     * Obtains the signature algorithm that corresponds to a private key name applicable to a
     * SDK version.
     *
     * @param keyAlgorithm the named referred in the {@code PrivateKey}
     * @param minSdkVersion minimum SDK version to run
     * @return the algorithm that has {@link #keyAlgorithm} equal to {@code keyAlgorithm}
     * @throws NoSuchAlgorithmException if no algorithm was found for the given private key; an
     * algorithm was found but is not applicable to the given SDK version
     */
    @Nonnull
    public static SignatureAlgorithm fromKeyAlgorithm(@Nonnull String keyAlgorithm,
            int minSdkVersion) throws NoSuchAlgorithmException {
        for (SignatureAlgorithm alg : values()) {
            if (alg.keyAlgorithm.equalsIgnoreCase(keyAlgorithm)) {
                if (alg.minSdkVersion > minSdkVersion) {
                    throw new NoSuchAlgorithmException("Signatures with " + keyAlgorithm
                            + " keys are not supported on minSdkVersion " + minSdkVersion
                            + ". They are supported only for minSdkVersion >= "
                            + alg.minSdkVersion);
                }

                return alg;
            }
        }

        throw new NoSuchAlgorithmException("Signing with " + keyAlgorithm
                + " keys is not supported");
    }

    /**
     * Obtains the name of the signature algorithm when used with a digest algorithm.
     *
     * @param digestAlgorithm the digest algorithm to use
     * @return the name of the signature algorithm
     */
    @Nonnull
    public String signatureAlgorithmName(@Nonnull DigestAlgorithm digestAlgorithm) {
        return digestAlgorithm.messageDigestName.replace("-", "") + signatureAlgorithmSuffix;
    }
}