Search in sources :

Example 1 with SignerCapabilities

use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.

the class SigningCertificateLineageTest method testUpdatedCapabilitiesInLineageWrittenToFile.

@Test
public void testUpdatedCapabilitiesInLineageWrittenToFile() throws Exception {
    SigningCertificateLineage lineage = createLineageWithSignersFromResources(FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig oldSignerConfig = mSigners.get(0);
    List<Boolean> expectedCapabilityValues = Arrays.asList(false, false, false, false, false);
    SignerCapabilities newCapabilities = buildSignerCapabilities(expectedCapabilityValues);
    lineage.updateSignerCapabilities(oldSignerConfig, newCapabilities);
    File lineageFile = File.createTempFile(getClass().getSimpleName(), ".bin");
    lineageFile.deleteOnExit();
    lineage.writeToFile(lineageFile);
    lineage = SigningCertificateLineage.readFromFile(lineageFile);
    SignerCapabilities updatedCapabilities = lineage.getSignerCapabilities(oldSignerConfig);
    assertExpectedCapabilityValues(updatedCapabilities, expectedCapabilityValues);
}
Also used : SignerConfig(com.android.apksig.SigningCertificateLineage.SignerConfig) SignerCapabilities(com.android.apksig.SigningCertificateLineage.SignerCapabilities) File(java.io.File) Test(org.junit.Test)

Example 2 with SignerCapabilities

use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.

the class SigningCertificateLineageTest method testUpdatedCapabilitiesInLineage.

@Test
public void testUpdatedCapabilitiesInLineage() throws Exception {
    SigningCertificateLineage lineage = createLineageWithSignersFromResources(FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig oldSignerConfig = mSigners.get(0);
    List<Boolean> expectedCapabilityValues = Arrays.asList(false, false, false, false, false);
    SignerCapabilities newCapabilities = buildSignerCapabilities(expectedCapabilityValues);
    lineage.updateSignerCapabilities(oldSignerConfig, newCapabilities);
    SignerCapabilities updatedCapabilities = lineage.getSignerCapabilities(oldSignerConfig);
    assertExpectedCapabilityValues(updatedCapabilities, expectedCapabilityValues);
}
Also used : SignerConfig(com.android.apksig.SigningCertificateLineage.SignerConfig) SignerCapabilities(com.android.apksig.SigningCertificateLineage.SignerCapabilities) Test(org.junit.Test)

Example 3 with SignerCapabilities

use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.

the class ApkSignerTool method lineage.

public static void lineage(String[] params) throws Exception {
    if (params.length == 0) {
        printUsage(HELP_PAGE_LINEAGE);
        return;
    }
    boolean verbose = false;
    boolean printCerts = false;
    boolean lineageUpdated = false;
    File inputKeyLineage = null;
    File outputKeyLineage = null;
    String optionName;
    OptionsParser optionsParser = new OptionsParser(params);
    List<SignerParams> signers = new ArrayList<>(1);
    while ((optionName = optionsParser.nextOption()) != null) {
        if (("help".equals(optionName)) || ("h".equals(optionName))) {
            printUsage(HELP_PAGE_LINEAGE);
            return;
        } else if ("in".equals(optionName)) {
            inputKeyLineage = new File(optionsParser.getRequiredValue("Input file name"));
        } else if ("out".equals(optionName)) {
            outputKeyLineage = new File(optionsParser.getRequiredValue("Output file name"));
        } else if ("signer".equals(optionName)) {
            SignerParams signerParams = processSignerParams(optionsParser);
            signers.add(signerParams);
        } else if (("v".equals(optionName)) || ("verbose".equals(optionName))) {
            verbose = optionsParser.getOptionalBooleanValue(true);
        } else if ("print-certs".equals(optionName)) {
            printCerts = optionsParser.getOptionalBooleanValue(true);
        } else {
            throw new ParameterException("Unsupported option: " + optionsParser.getOptionOriginalForm() + ". See --help for supported options.");
        }
    }
    if (inputKeyLineage == null) {
        throw new ParameterException("Input lineage file parameter not present");
    }
    SigningCertificateLineage lineage = getLineageFromInputFile(inputKeyLineage);
    try (PasswordRetriever passwordRetriever = new PasswordRetriever()) {
        for (int i = 0; i < signers.size(); i++) {
            SignerParams signerParams = signers.get(i);
            signerParams.setName("signer #" + (i + 1));
            loadPrivateKeyAndCerts(signerParams, passwordRetriever);
            SigningCertificateLineage.SignerConfig signerConfig = new SigningCertificateLineage.SignerConfig.Builder(signerParams.getPrivateKey(), signerParams.getCerts().get(0)).build();
            try {
                // since only the caller specified capabilities will be updated a direct
                // comparison between the original capabilities of the signer and the
                // signerCapabilitiesBuilder object with potential default values is not
                // possible. Instead the capabilities should be updated first, then the new
                // capabilities can be compared against the original to determine if the
                // lineage has been updated and needs to be written out to a file.
                SignerCapabilities origCapabilities = lineage.getSignerCapabilities(signerConfig);
                lineage.updateSignerCapabilities(signerConfig, signerParams.getSignerCapabilitiesBuilder().build());
                SignerCapabilities newCapabilities = lineage.getSignerCapabilities(signerConfig);
                if (origCapabilities.equals(newCapabilities)) {
                    if (verbose) {
                        System.out.println("The provided signer capabilities for " + signerParams.getName() + " are unchanged.");
                    }
                } else {
                    lineageUpdated = true;
                    if (verbose) {
                        System.out.println("Updated signer capabilities for " + signerParams.getName() + ".");
                    }
                }
            } catch (IllegalArgumentException e) {
                throw new ParameterException("The signer " + signerParams.getName() + " was not found in the specified lineage.");
            }
        }
    }
    if (printCerts) {
        List<X509Certificate> signingCerts = lineage.getCertificatesInLineage();
        for (int i = 0; i < signingCerts.size(); i++) {
            X509Certificate signerCert = signingCerts.get(i);
            SignerCapabilities signerCapabilities = lineage.getSignerCapabilities(signerCert);
            printCertificate(signerCert, "Signer #" + (i + 1) + " in lineage", verbose);
            printCapabilities(signerCapabilities);
        }
    }
    if (lineageUpdated) {
        if (outputKeyLineage != null) {
            lineage.writeToFile(outputKeyLineage);
            if (verbose) {
                System.out.println("Updated lineage saved to " + outputKeyLineage + ".");
            }
        } else {
            throw new ParameterException("The lineage was modified but an output file for the lineage was not " + "specified");
        }
    }
}
Also used : ArrayList(java.util.ArrayList) SignerCapabilities(com.android.apksig.SigningCertificateLineage.SignerCapabilities) X509Certificate(java.security.cert.X509Certificate) SigningCertificateLineage(com.android.apksig.SigningCertificateLineage) RandomAccessFile(java.io.RandomAccessFile) File(java.io.File)

Example 4 with SignerCapabilities

use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.

the class SigningCertificateLineageTest method testRotationWithExitingLineageAndNonDefaultCapabilitiesForNewSigner.

@Test
public void testRotationWithExitingLineageAndNonDefaultCapabilitiesForNewSigner() throws Exception {
    SigningCertificateLineage lineage = createLineageWithSignersFromResources(FIRST_RSA_2048_SIGNER_RESOURCE_NAME, SECOND_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig oldSigner = mSigners.get(mSigners.size() - 1);
    SignerConfig newSigner = Resources.toLineageSignerConfig(getClass(), THIRD_RSA_2048_SIGNER_RESOURCE_NAME);
    List<Boolean> newSignerCapabilityValues = Arrays.asList(false, false, false, false, false);
    lineage = lineage.spawnDescendant(oldSigner, newSigner, buildSignerCapabilities(newSignerCapabilityValues));
    SignerCapabilities newSignerCapabilities = lineage.getSignerCapabilities(newSigner);
    assertExpectedCapabilityValues(newSignerCapabilities, newSignerCapabilityValues);
}
Also used : SignerConfig(com.android.apksig.SigningCertificateLineage.SignerConfig) SignerCapabilities(com.android.apksig.SigningCertificateLineage.SignerCapabilities) Test(org.junit.Test)

Example 5 with SignerCapabilities

use of com.android.apksig.SigningCertificateLineage.SignerCapabilities in project apksig by venshine.

the class SigningCertificateLineageTest method testFirstRotationWitNonDefaultCapabilitiesForSigners.

@Test
public void testFirstRotationWitNonDefaultCapabilitiesForSigners() throws Exception {
    SignerConfig oldSigner = Resources.toLineageSignerConfig(getClass(), FIRST_RSA_2048_SIGNER_RESOURCE_NAME);
    SignerConfig newSigner = Resources.toLineageSignerConfig(getClass(), SECOND_RSA_2048_SIGNER_RESOURCE_NAME);
    List<Boolean> oldSignerCapabilityValues = Arrays.asList(false, false, false, false, false);
    List<Boolean> newSignerCapabilityValues = Arrays.asList(false, true, false, false, false);
    SigningCertificateLineage lineage = new SigningCertificateLineage.Builder(oldSigner, newSigner).setOriginalCapabilities(buildSignerCapabilities(oldSignerCapabilityValues)).setNewCapabilities(buildSignerCapabilities(newSignerCapabilityValues)).build();
    SignerCapabilities oldSignerCapabilities = lineage.getSignerCapabilities(oldSigner);
    assertExpectedCapabilityValues(oldSignerCapabilities, oldSignerCapabilityValues);
    SignerCapabilities newSignerCapabilities = lineage.getSignerCapabilities(newSigner);
    assertExpectedCapabilityValues(newSignerCapabilities, newSignerCapabilityValues);
}
Also used : SignerConfig(com.android.apksig.SigningCertificateLineage.SignerConfig) SignerCapabilities(com.android.apksig.SigningCertificateLineage.SignerCapabilities) Test(org.junit.Test)

Aggregations

SignerCapabilities (com.android.apksig.SigningCertificateLineage.SignerCapabilities)6 SignerConfig (com.android.apksig.SigningCertificateLineage.SignerConfig)5 Test (org.junit.Test)5 File (java.io.File)2 SigningCertificateLineage (com.android.apksig.SigningCertificateLineage)1 RandomAccessFile (java.io.RandomAccessFile)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1