
Example 6 with SignatureInfo

use of com.android.apksig.internal.apk.SignatureInfo in project apksig by venshine.

the class ApkVerifier method getApkContentDigests.

/**
 * Collects the content digests declared by the APK's v2 or v3 signers and stores them in
 * {@code sigSchemeApkContentDigests} under the key {@code apkSigSchemeVersion}.
 *
 * <p>Only signature schemes V2 and V3 are handled here; to obtain the content digests for V1
 * signatures use {@link
 * #getApkContentDigestFromV1SigningScheme(List, DataSource, ApkUtils.ZipSections)}.
 *
 * <p>The digests recorded are the values read from the parsed signers. Nothing in this method
 * compares them with the APK's actual contents, and they are copied from every entry in
 * {@code result.signers} without checking whether that signer reported errors. Callers should
 * merge the returned result into their own {@code Result} and inspect its errors before relying
 * on the digests.
 *
 * @return the result populated while locating and parsing the signature block, or {@code null}
 *     when {@code apkSigSchemeVersion} is neither V2 nor V3, or when no block for the requested
 *     scheme is found in the APK
 */
private ApkSigningBlockUtils.Result getApkContentDigests(DataSource apk, ApkUtils.ZipSections zipSections, Set<Integer> foundApkSigSchemeIds, Map<Integer, String> supportedSchemeNames, Map<Integer, Map<ContentDigestAlgorithm, byte[]>> sigSchemeApkContentDigests, int apkSigSchemeVersion, int minSdkVersion) throws IOException, NoSuchAlgorithmException {
    final boolean isV2 = apkSigSchemeVersion == VERSION_APK_SIGNATURE_SCHEME_V2;
    final boolean isV3 = apkSigSchemeVersion == VERSION_APK_SIGNATURE_SCHEME_V3;
    if (!isV2 && !isV3) {
        // Unsupported scheme: callers must handle the null return.
        return null;
    }

    ApkSigningBlockUtils.Result parseResult = new ApkSigningBlockUtils.Result(apkSigSchemeVersion);
    final int blockId = isV3
            ? V3SchemeConstants.APK_SIGNATURE_SCHEME_V3_BLOCK_ID
            : V2SchemeConstants.APK_SIGNATURE_SCHEME_V2_BLOCK_ID;

    SignatureInfo located;
    try {
        located = ApkSigningBlockUtils.findSignature(apk, zipSections, blockId, parseResult);
    } catch (ApkSigningBlockUtils.SignatureNotFoundException notFound) {
        // A missing block is reported as null rather than as an error in the result.
        return null;
    }

    // The scheme is marked as found as soon as its block is located, before any signer is parsed.
    foundApkSigSchemeIds.add(apkSigSchemeVersion);

    Set<ContentDigestAlgorithm> digestAlgorithms = new HashSet<>(1);
    if (isV2) {
        V2SchemeVerifier.parseSigners(located.signatureBlock, digestAlgorithms, supportedSchemeNames, foundApkSigSchemeIds, minSdkVersion, mMaxSdkVersion, parseResult);
    } else {
        V3SchemeVerifier.parseSigners(located.signatureBlock, digestAlgorithms, parseResult);
    }

    Map<ContentDigestAlgorithm, byte[]> digestsByAlgorithm = new EnumMap<>(ContentDigestAlgorithm.class);
    for (ApkSigningBlockUtils.Result.SignerInfo signer : parseResult.signers) {
        for (ApkSigningBlockUtils.Result.SignerInfo.ContentDigest declared : signer.contentDigests) {
            SignatureAlgorithm algorithm = SignatureAlgorithm.findById(declared.getSignatureAlgorithmId());
            // Digests tagged with an unrecognised signature algorithm ID are skipped silently.
            if (algorithm != null) {
                // A later digest for the same content digest algorithm replaces an earlier one.
                digestsByAlgorithm.put(algorithm.getContentDigestAlgorithm(), declared.getValue());
            }
        }
    }

    sigSchemeApkContentDigests.put(apkSigSchemeVersion, digestsByAlgorithm);
    return parseResult;
}
Also used : SignatureAlgorithm(com.android.apksig.internal.apk.SignatureAlgorithm) ApkSigningBlockUtils(com.android.apksig.internal.apk.ApkSigningBlockUtils) ApkSigResult(com.android.apksig.internal.apk.ApkSigResult) SignatureInfo(com.android.apksig.internal.apk.SignatureInfo) ApkSignerInfo(com.android.apksig.internal.apk.ApkSignerInfo) ContentDigestAlgorithm(com.android.apksig.internal.apk.ContentDigestAlgorithm) EnumMap(java.util.EnumMap) HashSet(java.util.HashSet)

Example 7 with SignatureInfo

use of com.android.apksig.internal.apk.SignatureInfo in project apksig by venshine.

the class V2SchemeVerifier method verify.

/**
 * Verifies the APK Signature Scheme v2 signatures of the provided APK and returns the outcome.
 * Treat the APK as verified only when {@link ApkSigningBlockUtils.Result#verified} is
 * {@code true}; when verification fails, the reasons are available through
 * {@link ApkSigningBlockUtils.Result#getErrors()}.
 *
 * <p>Verification succeeds iff the v2 signatures are expected to verify on every Android
 * platform version in the {@code [minSdkVersion, maxSdkVersion]} range. Otherwise this method
 * either returns a result carrying one or more errors with {@code Result.verified == false}, or
 * throws an exception.
 *
 * <p>This overload locates the v2 block, slices the APK into the part preceding the APK Signing
 * Block and the central directory, and hands those plus the End of Central Directory buffer to
 * the overload that works on the individual sections.
 *
 * @throws ApkFormatException if the APK is malformed
 * @throws NoSuchAlgorithmException if the APK's signatures cannot be verified because a
 *         required cryptographic algorithm implementation is missing
 * @throws ApkSigningBlockUtils.SignatureNotFoundException if no APK Signature Scheme v2
 *         signatures are found
 * @throws IOException if an I/O error occurs when reading the APK
 */
public static ApkSigningBlockUtils.Result verify(RunnablesExecutor executor, DataSource apk, ApkUtils.ZipSections zipSections, Map<Integer, String> supportedApkSigSchemeNames, Set<Integer> foundSigSchemeIds, int minSdkVersion, int maxSdkVersion) throws IOException, ApkFormatException, NoSuchAlgorithmException, ApkSigningBlockUtils.SignatureNotFoundException {
    ApkSigningBlockUtils.Result outcome = new ApkSigningBlockUtils.Result(ApkSigningBlockUtils.VERSION_APK_SIGNATURE_SCHEME_V2);
    SignatureInfo located = ApkSigningBlockUtils.findSignature(apk, zipSections, V2SchemeConstants.APK_SIGNATURE_SCHEME_V2_BLOCK_ID, outcome);

    // Everything from the start of the file up to the APK Signing Block.
    DataSource contentsBeforeSigningBlock = apk.slice(0, located.apkSigningBlockOffset);
    // The central directory runs from its offset up to the start of the EoCD record.
    DataSource centralDirectory = apk.slice(located.centralDirOffset, located.eocdOffset - located.centralDirOffset);

    verify(executor, contentsBeforeSigningBlock, located.signatureBlock, centralDirectory, located.eocd, supportedApkSigSchemeNames, foundSigSchemeIds, minSdkVersion, maxSdkVersion, outcome);
    return outcome;
}
Also used : SignatureInfo(com.android.apksig.internal.apk.SignatureInfo) ApkSigningBlockUtils(com.android.apksig.internal.apk.ApkSigningBlockUtils) ByteBuffer(java.nio.ByteBuffer) DataSource(com.android.apksig.util.DataSource)

Example 8 with SignatureInfo

use of com.android.apksig.internal.apk.SignatureInfo in project apksig by venshine.

the class V3SchemeVerifier method verify.

/**
 * Verifies the APK Signature Scheme v3 signatures of the provided APK and returns the outcome.
 * Treat the APK as verified only when {@link ApkSigningBlockUtils.Result#verified} is
 * {@code true}; when verification fails, the reasons are available through
 * {@link ApkSigningBlockUtils.Result#getErrors()}.
 *
 * <p>Verification succeeds iff the v3 signatures are expected to verify on every Android
 * platform version in the evaluated range. A {@code minSdkVersion} below
 * {@code AndroidSdkVersion.P} is raised to {@code AndroidSdkVersion.P} before verification, so a
 * successful result from this method says nothing about platform versions older than P.
 * Otherwise this method either returns a result carrying one or more errors with
 * {@code Result.verified == false}, or throws an exception.
 *
 * @throws NoSuchAlgorithmException if the APK's signatures cannot be verified because a
 *         required cryptographic algorithm implementation is missing
 * @throws SignatureNotFoundException if no APK Signature Scheme v3
 *         signatures are found
 * @throws IOException if an I/O error occurs when reading the APK
 */
public static ApkSigningBlockUtils.Result verify(RunnablesExecutor executor, DataSource apk, ApkUtils.ZipSections zipSections, int minSdkVersion, int maxSdkVersion) throws IOException, NoSuchAlgorithmException, SignatureNotFoundException {
    ApkSigningBlockUtils.Result outcome = new ApkSigningBlockUtils.Result(ApkSigningBlockUtils.VERSION_APK_SIGNATURE_SCHEME_V3);
    SignatureInfo located = ApkSigningBlockUtils.findSignature(apk, zipSections, V3SchemeConstants.APK_SIGNATURE_SCHEME_V3_BLOCK_ID, outcome);

    // Everything from the start of the file up to the APK Signing Block.
    DataSource contentsBeforeSigningBlock = apk.slice(0, located.apkSigningBlockOffset);
    // The central directory runs from its offset up to the start of the EoCD record.
    DataSource centralDirectory = apk.slice(located.centralDirOffset, located.eocdOffset - located.centralDirOffset);

    // The v3 scheme was introduced with Android P, so it is only judged on P and later
    // platforms: any lower bound below P is raised to P.
    int effectiveMinSdkVersion = Math.max(minSdkVersion, AndroidSdkVersion.P);

    verify(executor, contentsBeforeSigningBlock, located.signatureBlock, centralDirectory, located.eocd, effectiveMinSdkVersion, maxSdkVersion, outcome);
    return outcome;
}
Also used : SignatureInfo(com.android.apksig.internal.apk.SignatureInfo) ApkSigningBlockUtils(com.android.apksig.internal.apk.ApkSigningBlockUtils) ByteBuffer(java.nio.ByteBuffer) DataSource(com.android.apksig.util.DataSource)

Example 9 with SignatureInfo

use of com.android.apksig.internal.apk.SignatureInfo in project apksig by venshine.

the class V1SourceStampVerifier method verify.

/**
 * Verifies the SourceStamp signatures of the provided APK and returns the outcome. Treat the
 * stamp as verified only when {@link ApkSigningBlockUtils.Result#verified} is {@code true}; when
 * verification fails, the reasons are available through {@link
 * ApkSigningBlockUtils.Result#getErrors()}.
 *
 * <p>This overload only locates the SourceStamp block and forwards it, together with
 * {@code sourceStampCertificateDigest} and {@code apkContentDigests} exactly as supplied by the
 * caller, to the overload that operates on the block.
 * NOTE(review): how those two inputs are checked is not visible in this method; confirm in the
 * overload before relying on caller-provided digests.
 *
 * @throws NoSuchAlgorithmException if the APK's signatures cannot be verified because a
 *     required cryptographic algorithm implementation is missing
 * @throws ApkSigningBlockUtils.SignatureNotFoundException if no SourceStamp signatures are
 *     found
 * @throws IOException if an I/O error occurs when reading the APK
 */
public static ApkSigningBlockUtils.Result verify(DataSource apk, ApkUtils.ZipSections zipSections, byte[] sourceStampCertificateDigest, Map<ContentDigestAlgorithm, byte[]> apkContentDigests, int minSdkVersion, int maxSdkVersion) throws IOException, NoSuchAlgorithmException, ApkSigningBlockUtils.SignatureNotFoundException {
    ApkSigningBlockUtils.Result outcome = new ApkSigningBlockUtils.Result(ApkSigningBlockUtils.VERSION_SOURCE_STAMP);

    // Throws SignatureNotFoundException when the APK carries no SourceStamp block.
    SignatureInfo stampInfo = ApkSigningBlockUtils.findSignature(apk, zipSections, V1_SOURCE_STAMP_BLOCK_ID, outcome);

    verify(stampInfo.signatureBlock, sourceStampCertificateDigest, apkContentDigests, minSdkVersion, maxSdkVersion, outcome);
    return outcome;
}
Also used : SignatureInfo(com.android.apksig.internal.apk.SignatureInfo) ApkSigningBlockUtils(com.android.apksig.internal.apk.ApkSigningBlockUtils)

Example 10 with SignatureInfo

use of com.android.apksig.internal.apk.SignatureInfo in project apksig by venshine.

the class V4SchemeSigner method getBestV3Digest.

/**
 * Extracts the APK Signature Scheme v3 block from {@code apk}, parses its signers and returns
 * the digest that {@code pickBestDigest} selects from the single signer's content digests.
 *
 * <p>The digest comes from the parsed v3 block; this method does not recompute it from the APK's
 * contents. Only the signer's own errors are checked before its digests are used.
 *
 * @throws SignatureException if the v3 block cannot be found or parsed, if the block does not
 *     contain exactly one signer, or if that signer reported errors while being parsed
 */
private static byte[] getBestV3Digest(DataSource apk, ApkUtils.ZipSections zipSections) throws SignatureException {
    Set<ContentDigestAlgorithm> digestAlgorithms = new HashSet<>(1);
    ApkSigningBlockUtils.Result parseResult = new ApkSigningBlockUtils.Result(ApkSigningBlockUtils.VERSION_APK_SIGNATURE_SCHEME_V3);

    try {
        SignatureInfo located = ApkSigningBlockUtils.findSignature(apk, zipSections, APK_SIGNATURE_SCHEME_V3_BLOCK_ID, parseResult);
        V3SchemeVerifier.parseSigners(located.signatureBlock, digestAlgorithms, parseResult);
    } catch (Exception e) {
        // Every failure while locating or parsing the block is reported as a SignatureException,
        // with the original exception kept as the cause.
        throw new SignatureException("Failed to extract and parse v3 block", e);
    }

    // Exactly one v3 signer is required; zero or several signers are rejected.
    if (result_signerCountIsNotOne(parseResult.signers.size())) {
        throw new SignatureException("Should only have one signer, errors: " + parseResult.getErrors());
    }

    ApkSigningBlockUtils.Result.SignerInfo onlySigner = parseResult.signers.get(0);
    if (onlySigner.containsErrors()) {
        throw new SignatureException("Parsing failed: " + onlySigner.getErrors());
    }

    return pickBestDigest(onlySigner.contentDigests);
}

/** Returns {@code true} when the number of parsed signers differs from one. */
private static boolean result_signerCountIsNotOne(int signerCount) {
    return signerCount != 1;
}
Also used : SignatureException(java.security.SignatureException) ApkSigningBlockUtils(com.android.apksig.internal.apk.ApkSigningBlockUtils) ByteBuffer(java.nio.ByteBuffer) SignatureException(java.security.SignatureException) IOException(java.io.IOException) ZipFormatException(com.android.apksig.zip.ZipFormatException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) SignatureInfo(com.android.apksig.internal.apk.SignatureInfo) ContentDigestAlgorithm(com.android.apksig.internal.apk.ContentDigestAlgorithm) HashSet(java.util.HashSet)
