
Example 1 with ApkSupportedSignature

Use of com.android.apksig.internal.apk.ApkSupportedSignature in the apksig project by venshine.

Class SourceStampVerifier, method verifySourceStampSignature.

/**
 * Checks the SourceStamp signatures over {@code data} against the public key of
 * {@code sourceStampCertificate} and records every problem on {@code result}.
 *
 * <p>The method has no return value and does not throw on a verification failure. A malformed
 * record, an empty or unsupported signature set, a signature that does not verify and a JCA
 * exception are each reported through {@code result.addWarning(...)} followed by an early
 * return, so the outcome is visible only by inspecting {@code result}.
 * NOTE(review): how the caller treats these warnings is not visible here; confirm that a
 * warning from this method prevents the stamp from being reported as verified.
 *
 * @param data bytes the signatures are verified over
 * @param minSdkVersion lower bound of the SDK range handed to signature selection
 * @param maxSdkVersion upper bound of the SDK range handed to signature selection
 * @param sourceStampCertificate certificate supplying the verification public key
 * @param signatures buffer of length-prefixed signature records, read until none remain
 * @param result collector for the warnings raised while parsing and verifying
 */
private static void verifySourceStampSignature(byte[] data, int minSdkVersion, int maxSdkVersion, X509Certificate sourceStampCertificate, ByteBuffer signatures, ApkSignerInfo result) {
    // Step 1: walk the length-prefixed records and keep those whose algorithm ID is known.
    List<ApkSupportedSignature> recognized = new ArrayList<>(1);
    for (int recordNumber = 1; signatures.hasRemaining(); recordNumber++) {
        try {
            ByteBuffer record = getLengthPrefixedSlice(signatures);
            int algorithmId = record.getInt();
            byte[] rawSignature = readLengthPrefixedByteArray(record);
            SignatureAlgorithm algorithm = SignatureAlgorithm.findById(algorithmId);
            if (algorithm != null) {
                recognized.add(new ApkSupportedSignature(algorithm, rawSignature));
            } else {
                // An unknown ID is skipped with a warning; parsing moves on to the next record.
                result.addWarning(ApkVerificationIssue.SOURCE_STAMP_UNKNOWN_SIG_ALGORITHM, algorithmId);
            }
        } catch (ApkFormatException | BufferUnderflowException e) {
            // A truncated or malformed record ends the whole check; recordNumber is 1-based.
            result.addWarning(ApkVerificationIssue.SOURCE_STAMP_MALFORMED_SIGNATURE, recordNumber);
            return;
        }
    }
    if (recognized.isEmpty()) {
        result.addWarning(ApkVerificationIssue.SOURCE_STAMP_NO_SIGNATURE);
        return;
    }

    // Step 2: narrow the recognized signatures to the ones to check for the SDK range.
    // NOTE(review): the meaning of the trailing `true` is defined by getSignaturesToVerify,
    // which is outside this listing.
    List<ApkSupportedSignature> selected;
    try {
        selected = getSignaturesToVerify(recognized, minSdkVersion, maxSdkVersion, true);
    } catch (NoApkSupportedSignaturesException e) {
        // Put the offered algorithms and the exception in the warning to make debugging easier.
        StringBuilder offeredAlgorithms = new StringBuilder();
        String separator = "";
        for (ApkSupportedSignature offered : recognized) {
            offeredAlgorithms.append(separator).append(offered.algorithm);
            separator = ", ";
        }
        result.addWarning(ApkVerificationIssue.SOURCE_STAMP_NO_SUPPORTED_SIGNATURE, offeredAlgorithms.toString(), e);
        return;
    }

    // Step 3: every selected signature must verify with the SourceStamp certificate's key;
    // the first failure or JCA error stops the loop.
    for (ApkSupportedSignature candidate : selected) {
        SignatureAlgorithm algorithm = candidate.algorithm;
        String jcaName = algorithm.getJcaSignatureAlgorithmAndParams().getFirst();
        AlgorithmParameterSpec jcaParams = algorithm.getJcaSignatureAlgorithmAndParams().getSecond();
        PublicKey stampKey = sourceStampCertificate.getPublicKey();
        boolean verified;
        try {
            Signature verifier = Signature.getInstance(jcaName);
            verifier.initVerify(stampKey);
            if (jcaParams != null) {
                verifier.setParameter(jcaParams);
            }
            verifier.update(data);
            verified = verifier.verify(candidate.signature);
        } catch (InvalidKeyException | InvalidAlgorithmParameterException | SignatureException | NoSuchAlgorithmException e) {
            result.addWarning(ApkVerificationIssue.SOURCE_STAMP_VERIFY_EXCEPTION, algorithm, e);
            return;
        }
        if (!verified) {
            result.addWarning(ApkVerificationIssue.SOURCE_STAMP_DID_NOT_VERIFY, algorithm);
            return;
        }
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PublicKey(java.security.PublicKey) ArrayList(java.util.ArrayList) SignatureAlgorithm(com.android.apksig.internal.apk.SignatureAlgorithm) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) ByteBuffer(java.nio.ByteBuffer) ApkSupportedSignature(com.android.apksig.internal.apk.ApkSupportedSignature) ApkFormatException(com.android.apksig.apk.ApkFormatException) ApkSupportedSignature(com.android.apksig.internal.apk.ApkSupportedSignature) Signature(java.security.Signature) NoApkSupportedSignaturesException(com.android.apksig.internal.apk.NoApkSupportedSignaturesException) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) BufferUnderflowException(java.nio.BufferUnderflowException)
