use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.
the class SigningCertificateLineageTest method testUpdatedCapabilitiesInLineageWrittenToFile.
/**
 * Checks that capabilities changed on an existing signer are still present after the lineage
 * is written with {@code writeToFile} and loaded again with {@code readFromFile}.
 */
@Test
public void testUpdatedCapabilitiesInLineageWrittenToFile() throws Exception {
    SigningCertificateLineage lineage =
            createLineageWithSignersFromResources(
                    FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig firstSigner = mSigners.get(0);

    // Five flags, all cleared; presumably one entry per capability in the order expected by
    // buildSignerCapabilities -- confirm against that helper.
    List<Boolean> allFlagsCleared = Arrays.asList(false, false, false, false, false);
    SignerCapabilities clearedCapabilities = buildSignerCapabilities(allFlagsCleared);
    lineage.updateSignerCapabilities(firstSigner, clearedCapabilities);

    // Round-trip through a temporary file that is removed when the JVM exits.
    File tempLineageFile = File.createTempFile(getClass().getSimpleName(), ".bin");
    tempLineageFile.deleteOnExit();
    lineage.writeToFile(tempLineageFile);
    lineage = SigningCertificateLineage.readFromFile(tempLineageFile);

    // The reloaded lineage must report exactly the values that were written.
    assertExpectedCapabilityValues(lineage.getSignerCapabilities(firstSigner), allFlagsCleared);
}
use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.
the class SigningCertificateLineageTest method testUpdatedCapabilitiesInLineage.
/**
 * Checks that {@code updateSignerCapabilities} takes effect in memory: the capabilities read
 * back for the first signer equal the ones just applied.
 */
@Test
public void testUpdatedCapabilitiesInLineage() throws Exception {
    SigningCertificateLineage lineage =
            createLineageWithSignersFromResources(
                    FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig firstSigner = mSigners.get(0);

    // All five flags cleared; the mapping of positions to capabilities lives in
    // buildSignerCapabilities, which is not shown here.
    List<Boolean> allFlagsCleared = Arrays.asList(false, false, false, false, false);
    SignerCapabilities clearedCapabilities = buildSignerCapabilities(allFlagsCleared);
    lineage.updateSignerCapabilities(firstSigner, clearedCapabilities);

    assertExpectedCapabilityValues(lineage.getSignerCapabilities(firstSigner), allFlagsCleared);
}
use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.
the class ApkSignerTool method lineage.
/**
 * Handles the {@code lineage} command: loads a signing certificate lineage from the input
 * file, optionally updates the capabilities of the signers named on the command line,
 * optionally prints the certificates in the lineage, and writes the lineage to the output
 * file when any capability changed.
 *
 * @param params command-line arguments for the command; an empty array prints the help page
 * @throws ParameterException if an option is unsupported, the input file is missing, a signer
 *     is not part of the lineage, or the lineage changed and no output file was given
 * @throws Exception if loading keys or reading/writing the lineage fails
 */
public static void lineage(String[] params) throws Exception {
    if (params.length == 0) {
        printUsage(HELP_PAGE_LINEAGE);
        return;
    }

    boolean verbose = false;
    boolean printCerts = false;
    File inputKeyLineage = null;
    File outputKeyLineage = null;
    OptionsParser optionsParser = new OptionsParser(params);
    List<SignerParams> signers = new ArrayList<>(1);

    // Consume options one at a time until the parser reports there are none left.
    for (String optionName = optionsParser.nextOption();
            optionName != null;
            optionName = optionsParser.nextOption()) {
        switch (optionName) {
            case "help":
            case "h":
                printUsage(HELP_PAGE_LINEAGE);
                return;
            case "in":
                inputKeyLineage = new File(optionsParser.getRequiredValue("Input file name"));
                break;
            case "out":
                outputKeyLineage = new File(optionsParser.getRequiredValue("Output file name"));
                break;
            case "signer":
                signers.add(processSignerParams(optionsParser));
                break;
            case "v":
            case "verbose":
                verbose = optionsParser.getOptionalBooleanValue(true);
                break;
            case "print-certs":
                printCerts = optionsParser.getOptionalBooleanValue(true);
                break;
            default:
                throw new ParameterException(
                        "Unsupported option: "
                                + optionsParser.getOptionOriginalForm()
                                + ". See --help for supported options.");
        }
    }

    if (inputKeyLineage == null) {
        throw new ParameterException("Input lineage file parameter not present");
    }
    SigningCertificateLineage lineage = getLineageFromInputFile(inputKeyLineage);

    boolean lineageUpdated = false;
    // The retriever is closed by try-with-resources once every signer's key has been loaded.
    try (PasswordRetriever passwordRetriever = new PasswordRetriever()) {
        for (int index = 0; index < signers.size(); index++) {
            SignerParams signer = signers.get(index);
            signer.setName("signer #" + (index + 1));
            loadPrivateKeyAndCerts(signer, passwordRetriever);
            // Only the first certificate of the signer is used to identify it in the lineage.
            SigningCertificateLineage.SignerConfig signerConfig =
                    new SigningCertificateLineage.SignerConfig.Builder(
                                    signer.getPrivateKey(), signer.getCerts().get(0))
                            .build();
            try {
                // The builder may carry default values for flags the caller never mentioned,
                // so it cannot be compared with the stored capabilities directly. Apply the
                // update first, then compare the stored value before and after to decide
                // whether the lineage actually changed and has to be written out.
                SignerCapabilities before = lineage.getSignerCapabilities(signerConfig);
                lineage.updateSignerCapabilities(
                        signerConfig, signer.getSignerCapabilitiesBuilder().build());
                SignerCapabilities after = lineage.getSignerCapabilities(signerConfig);

                boolean unchanged = before.equals(after);
                if (!unchanged) {
                    lineageUpdated = true;
                }
                if (verbose) {
                    if (unchanged) {
                        System.out.println(
                                "The provided signer capabilities for "
                                        + signer.getName()
                                        + " are unchanged.");
                    } else {
                        System.out.println(
                                "Updated signer capabilities for " + signer.getName() + ".");
                    }
                }
            } catch (IllegalArgumentException e) {
                // NOTE(review): the original exception is not attached as the cause, and any
                // IllegalArgumentException raised inside the try block is reported as
                // "signer not found" -- confirm that is the only source of this exception.
                throw new ParameterException(
                        "The signer "
                                + signer.getName()
                                + " was not found in the specified lineage.");
            }
        }
    }

    // Printing happens after the updates, so it shows the capabilities as they now stand.
    if (printCerts) {
        List<X509Certificate> lineageCerts = lineage.getCertificatesInLineage();
        int position = 0;
        for (X509Certificate cert : lineageCerts) {
            position++;
            SignerCapabilities certCapabilities = lineage.getSignerCapabilities(cert);
            printCertificate(cert, "Signer #" + position + " in lineage", verbose);
            printCapabilities(certCapabilities);
        }
    }

    if (!lineageUpdated) {
        return;
    }
    // A changed lineage is never dropped silently: without an output file this is an error.
    if (outputKeyLineage == null) {
        throw new ParameterException(
                "The lineage was modified but an output file for the lineage was not "
                        + "specified");
    }
    lineage.writeToFile(outputKeyLineage);
    if (verbose) {
        System.out.println("Updated lineage saved to " + outputKeyLineage + ".");
    }
}
use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.
the class SigningCertificateLineageTest method testRotationWithExitingLineageAndNonDefaultCapabilitiesForNewSigner.
/**
 * Checks that a signer appended to an existing lineage with {@code spawnDescendant} keeps the
 * explicitly supplied capabilities.
 */
@Test
public void testRotationWithExitingLineageAndNonDefaultCapabilitiesForNewSigner() throws Exception {
    SigningCertificateLineage lineage =
            createLineageWithSignersFromResources(
                    FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME);

    // The last signer currently in the lineage is the parent of the new one.
    SignerConfig parentSigner = mSigners.get(mSigners.size() - 1);
    SignerConfig addedSigner =
            Resources.toLineageSignerConfig(getClass(), THIRD_RSA_2048_SIGNER_RESOURCE_NAME);

    // All five flags cleared for the added signer.
    List<Boolean> addedSignerFlags = Arrays.asList(false, false, false, false, false);
    lineage =
            lineage.spawnDescendant(
                    parentSigner, addedSigner, buildSignerCapabilities(addedSignerFlags));

    assertExpectedCapabilityValues(lineage.getSignerCapabilities(addedSigner), addedSignerFlags);
}
use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.
the class SigningCertificateLineageTest method testFirstRotationWitNonDefaultCapabilitiesForSigners.
/**
 * Checks that a lineage built for a first rotation stores the capabilities supplied for the
 * original signer and for the new signer independently of each other.
 */
@Test
public void testFirstRotationWitNonDefaultCapabilitiesForSigners() throws Exception {
    SignerConfig originalSigner =
            Resources.toLineageSignerConfig(getClass(), FIRST_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig rotatedSigner =
            Resources.toLineageSignerConfig(getClass(), SECOND_RSA_2048_SIGNER_RESOURCE_NAME);

    // The two lists differ only in the second flag, so a mix-up between the signers'
    // capabilities would be caught by the assertions below.
    List<Boolean> originalSignerFlags = Arrays.asList(false, false, false, false, false);
    List<Boolean> rotatedSignerFlags = Arrays.asList(false, true, false, false, false);

    SigningCertificateLineage lineage =
            new SigningCertificateLineage.Builder(originalSigner, rotatedSigner)
                    .setOriginalCapabilities(buildSignerCapabilities(originalSignerFlags))
                    .setNewCapabilities(buildSignerCapabilities(rotatedSignerFlags))
                    .build();

    assertExpectedCapabilityValues(
            lineage.getSignerCapabilities(originalSigner), originalSignerFlags);
    assertExpectedCapabilityValues(
            lineage.getSignerCapabilities(rotatedSigner), rotatedSignerFlags);
}