Examples with NoApkSupportedSignaturesException com.android.apksig.internal.apk.NoApkSupportedSignaturesException used on opensource projects

Example 1 with NoApkSupportedSignaturesException

use of com.android.apksig.internal.apk.NoApkSupportedSignaturesException in project apksig by venshine.

the class SourceStampVerifier method verifySourceStampSignature.

private static void verifySourceStampSignature(byte[] data, int minSdkVersion, int maxSdkVersion, X509Certificate sourceStampCertificate, ByteBuffer signatures, ApkSignerInfo result) {
    // Parse the signatures block and identify supported signatures
    int signatureCount = 0;
    List<ApkSupportedSignature> supportedSignatures = new ArrayList<>(1);
    while (signatures.hasRemaining()) {
        signatureCount++;
        try {
            ByteBuffer signature = getLengthPrefixedSlice(signatures);
            int sigAlgorithmId = signature.getInt();
            byte[] sigBytes = readLengthPrefixedByteArray(signature);
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.findById(sigAlgorithmId);
            if (signatureAlgorithm == null) {
                result.addWarning(ApkVerificationIssue.SOURCE_STAMP_UNKNOWN_SIG_ALGORITHM, sigAlgorithmId);
                continue;
            }
            supportedSignatures.add(new ApkSupportedSignature(signatureAlgorithm, sigBytes));
        } catch (ApkFormatException | BufferUnderflowException e) {
            result.addWarning(ApkVerificationIssue.SOURCE_STAMP_MALFORMED_SIGNATURE, signatureCount);
            return;
        }
    }
    if (supportedSignatures.isEmpty()) {
        result.addWarning(ApkVerificationIssue.SOURCE_STAMP_NO_SIGNATURE);
        return;
    }
    // Verify signatures over digests using the SourceStamp's certificate.
    List<ApkSupportedSignature> signaturesToVerify;
    try {
        signaturesToVerify = getSignaturesToVerify(supportedSignatures, minSdkVersion, maxSdkVersion, true);
    } catch (NoApkSupportedSignaturesException e) {
        // To facilitate debugging capture the signature algorithms and resulting exception in
        // the warning.
        StringBuilder signatureAlgorithms = new StringBuilder();
        for (ApkSupportedSignature supportedSignature : supportedSignatures) {
            if (signatureAlgorithms.length() > 0) {
                signatureAlgorithms.append(", ");
            }
            signatureAlgorithms.append(supportedSignature.algorithm);
        }
        result.addWarning(ApkVerificationIssue.SOURCE_STAMP_NO_SUPPORTED_SIGNATURE, signatureAlgorithms.toString(), e);
        return;
    }
    for (ApkSupportedSignature signature : signaturesToVerify) {
        SignatureAlgorithm signatureAlgorithm = signature.algorithm;
        String jcaSignatureAlgorithm = signatureAlgorithm.getJcaSignatureAlgorithmAndParams().getFirst();
        AlgorithmParameterSpec jcaSignatureAlgorithmParams = signatureAlgorithm.getJcaSignatureAlgorithmAndParams().getSecond();
        PublicKey publicKey = sourceStampCertificate.getPublicKey();
        try {
            Signature sig = Signature.getInstance(jcaSignatureAlgorithm);
            sig.initVerify(publicKey);
            if (jcaSignatureAlgorithmParams != null) {
                sig.setParameter(jcaSignatureAlgorithmParams);
            }
            sig.update(data);
            byte[] sigBytes = signature.signature;
            if (!sig.verify(sigBytes)) {
                result.addWarning(ApkVerificationIssue.SOURCE_STAMP_DID_NOT_VERIFY, signatureAlgorithm);
                return;
            }
        } catch (InvalidKeyException | InvalidAlgorithmParameterException | SignatureException | NoSuchAlgorithmException e) {
            result.addWarning(ApkVerificationIssue.SOURCE_STAMP_VERIFY_EXCEPTION, signatureAlgorithm, e);
            return;
        }
    }
}