Use of com.android.apksig.internal.apk.ApkSupportedSignature in project apksig by venshine.
Class SourceStampVerifier, method verifySourceStampSignature.
/**
 * Verifies the source stamp's signatures over {@code data} using the public key of
 * {@code sourceStampCertificate}, recording every problem as a warning on {@code result}.
 *
 * <p>The method works in three steps: it parses the signature records in {@code signatures},
 * asks {@code getSignaturesToVerify} which of the recognised signatures apply to the given SDK
 * range, and then checks each selected signature with a JCA {@link Signature}. It returns as
 * soon as one step fails. The only path that adds no warning for a failure is the one where
 * every selected signature verified.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Nothing is thrown or returned for the failure cases handled here; the outcome is
 *       visible only through the warnings added to {@code result}. NOTE(review): confirm that
 *       callers treat these warnings as "stamp not verified".
 *   <li>Records with an unknown algorithm ID are reported and skipped, so a stamp that also
 *       carries a recognised signature is still verified with that one.
 *   <li>Only the certificate's public key is used. No validity-period or trust check on the
 *       certificate is performed in this method.
 * </ul>
 *
 * @param data bytes the signatures are expected to cover
 * @param minSdkVersion lower bound of the SDK range passed to {@code getSignaturesToVerify}
 * @param maxSdkVersion upper bound of the SDK range passed to {@code getSignaturesToVerify}
 * @param sourceStampCertificate certificate whose public key verifies the signatures
 * @param signatures buffer holding the signature records; it is consumed while parsing
 * @param result collector that receives a warning for each problem found
 */
private static void verifySourceStampSignature(
        byte[] data,
        int minSdkVersion,
        int maxSdkVersion,
        X509Certificate sourceStampCertificate,
        ByteBuffer signatures,
        ApkSignerInfo result) {
    // Step 1: read each record (a slice holding a 4-byte algorithm ID followed by the
    // signature bytes) and keep those whose algorithm ID is recognised.
    List<ApkSupportedSignature> recognized = new ArrayList<>(1);
    for (int recordNumber = 1; signatures.hasRemaining(); recordNumber++) {
        try {
            ByteBuffer record = getLengthPrefixedSlice(signatures);
            int algorithmId = record.getInt();
            byte[] rawSignature = readLengthPrefixedByteArray(record);
            SignatureAlgorithm algorithm = SignatureAlgorithm.findById(algorithmId);
            if (algorithm != null) {
                recognized.add(new ApkSupportedSignature(algorithm, rawSignature));
            } else {
                // Unknown algorithm: report it and move on to the next record.
                result.addWarning(
                        ApkVerificationIssue.SOURCE_STAMP_UNKNOWN_SIG_ALGORITHM, algorithmId);
            }
        } catch (ApkFormatException | BufferUnderflowException e) {
            // A truncated or malformed record stops parsing; the warning carries the
            // 1-based number of the offending record.
            result.addWarning(
                    ApkVerificationIssue.SOURCE_STAMP_MALFORMED_SIGNATURE, recordNumber);
            return;
        }
    }

    if (recognized.isEmpty()) {
        result.addWarning(ApkVerificationIssue.SOURCE_STAMP_NO_SIGNATURE);
        return;
    }

    // Step 2: narrow the recognised signatures down to the ones to verify for the SDK range.
    // The meaning of the trailing `true` is defined by getSignaturesToVerify, which is not
    // shown in this listing.
    List<ApkSupportedSignature> selected;
    try {
        selected = getSignaturesToVerify(recognized, minSdkVersion, maxSdkVersion, true);
    } catch (NoApkSupportedSignaturesException e) {
        // List the algorithms that were found, together with the exception, so the warning
        // can be used for debugging.
        StringBuilder algorithmNames = new StringBuilder();
        for (ApkSupportedSignature candidate : recognized) {
            if (algorithmNames.length() != 0) {
                algorithmNames.append(", ");
            }
            algorithmNames.append(candidate.algorithm);
        }
        result.addWarning(
                ApkVerificationIssue.SOURCE_STAMP_NO_SUPPORTED_SIGNATURE,
                algorithmNames.toString(),
                e);
        return;
    }

    // Step 3: every selected signature has to verify over `data` with the stamp
    // certificate's public key; the first failure ends the method.
    for (ApkSupportedSignature candidate : selected) {
        SignatureAlgorithm algorithm = candidate.algorithm;
        String jcaName = algorithm.getJcaSignatureAlgorithmAndParams().getFirst();
        AlgorithmParameterSpec jcaParams =
                algorithm.getJcaSignatureAlgorithmAndParams().getSecond();
        PublicKey stampKey = sourceStampCertificate.getPublicKey();
        try {
            Signature verifier = Signature.getInstance(jcaName);
            verifier.initVerify(stampKey);
            if (jcaParams != null) {
                verifier.setParameter(jcaParams);
            }
            verifier.update(data);
            boolean verified = verifier.verify(candidate.signature);
            if (!verified) {
                result.addWarning(ApkVerificationIssue.SOURCE_STAMP_DID_NOT_VERIFY, algorithm);
                return;
            }
        } catch (InvalidKeyException
                | InvalidAlgorithmParameterException
                | SignatureException
                | NoSuchAlgorithmException e) {
            // A provider or key problem is recorded as a warning, like a mismatch is,
            // and is not propagated.
            result.addWarning(
                    ApkVerificationIssue.SOURCE_STAMP_VERIFY_EXCEPTION, algorithm, e);
            return;
        }
    }
}