Examples with ZipFormatException com.android.apksig.zip.ZipFormatException used on opensource projects

Example 6 with ZipFormatException

use of com.android.apksig.zip.ZipFormatException in project apksig by venshine.

the class LocalFileRecord method outputUncompressedData.

/**
 * Sends uncompressed data of this record into the the provided data sink.
 */
public void outputUncompressedData(DataSource lfhSection, DataSink sink) throws IOException, ZipFormatException {
    long dataStartOffsetInArchive = mStartOffsetInArchive + mDataStartOffset;
    try {
        if (mDataCompressed) {
            try (InflateSinkAdapter inflateAdapter = new InflateSinkAdapter(sink)) {
                lfhSection.feed(dataStartOffsetInArchive, mDataSize, inflateAdapter);
                long actualUncompressedSize = inflateAdapter.getOutputByteCount();
                if (actualUncompressedSize != mUncompressedDataSize) {
                    throw new ZipFormatException("Unexpected size of uncompressed data of " + mName + ". Expected: " + mUncompressedDataSize + " bytes" + ", actual: " + actualUncompressedSize + " bytes");
                }
            } catch (IOException e) {
                if (e.getCause() instanceof DataFormatException) {
                    throw new ZipFormatException("Data of entry " + mName + " malformed", e);
                }
                throw e;
            }
        } else {
            lfhSection.feed(dataStartOffsetInArchive, mDataSize, sink);
        // No need to check whether output size is as expected because DataSource.feed is
        // guaranteed to output exactly the number of bytes requested.
        }
    } catch (IOException e) {
        throw new IOException("Failed to read data of " + ((mDataCompressed) ? "compressed" : "uncompressed") + " entry " + mName, e);
    }
// Interestingly, Android doesn't check that uncompressed data's CRC-32 is as expected. We
// thus don't check either.
}

Example 7 with ZipFormatException

use of com.android.apksig.zip.ZipFormatException in project apksig by venshine.

the class V4SchemeSigner method getApkDigest.

// Get digest by parsing the V2/V3-signed apk and choosing the first digest of supported type.
private static byte[] getApkDigest(DataSource apk) throws IOException {
    ApkUtils.ZipSections zipSections;
    try {
        zipSections = ApkUtils.findZipSections(apk);
    } catch (ZipFormatException e) {
        throw new IOException("Malformed APK: not a ZIP archive", e);
    }
    final SignatureException v3Exception;
    try {
        return getBestV3Digest(apk, zipSections);
    } catch (SignatureException e) {
        v3Exception = e;
    }
    final SignatureException v2Exception;
    try {
        return getBestV2Digest(apk, zipSections);
    } catch (SignatureException e) {
        v2Exception = e;
    }
    throw new IOException("Failed to obtain v2/v3 digest, v3 exception: " + v3Exception + ", v2 exception: " + v2Exception);
}

Example 8 with ZipFormatException

use of com.android.apksig.zip.ZipFormatException in project apksig by venshine.

the class ApkSigner method parseZipCentralDirectory.

private static List<CentralDirectoryRecord> parseZipCentralDirectory(ByteBuffer cd, ApkUtils.ZipSections apkSections) throws ApkFormatException {
    long cdOffset = apkSections.getZipCentralDirectoryOffset();
    int expectedCdRecordCount = apkSections.getZipCentralDirectoryRecordCount();
    List<CentralDirectoryRecord> cdRecords = new ArrayList<>(expectedCdRecordCount);
    Set<String> entryNames = new HashSet<>(expectedCdRecordCount);
    for (int i = 0; i < expectedCdRecordCount; i++) {
        CentralDirectoryRecord cdRecord;
        int offsetInsideCd = cd.position();
        try {
            cdRecord = CentralDirectoryRecord.getRecord(cd);
        } catch (ZipFormatException e) {
            throw new ApkFormatException("Malformed ZIP Central Directory record #" + (i + 1) + " at file offset " + (cdOffset + offsetInsideCd), e);
        }
        String entryName = cdRecord.getName();
        if (!entryNames.add(entryName)) {
            throw new ApkFormatException("Multiple ZIP entries with the same name: " + entryName);
        }
        cdRecords.add(cdRecord);
    }
    if (cd.hasRemaining()) {
        throw new ApkFormatException("Unused space at the end of ZIP Central Directory: " + cd.remaining() + " bytes starting at file offset " + (cdOffset + cd.position()));
    }
    return cdRecords;
}

Example 9 with ZipFormatException

use of com.android.apksig.zip.ZipFormatException in project apksig by venshine.

the class ApkSigner method sign.

private void sign(DataSource inputApk, DataSink outputApkOut, DataSource outputApkIn) throws IOException, ApkFormatException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    // Step 1. Find input APK's main ZIP sections
    ApkUtils.ZipSections inputZipSections;
    try {
        inputZipSections = ApkUtils.findZipSections(inputApk);
    } catch (ZipFormatException e) {
        throw new ApkFormatException("Malformed APK: not a ZIP archive", e);
    }
    long inputApkSigningBlockOffset = -1;
    DataSource inputApkSigningBlock = null;
    try {
        ApkUtils.ApkSigningBlock apkSigningBlockInfo = ApkUtils.findApkSigningBlock(inputApk, inputZipSections);
        inputApkSigningBlockOffset = apkSigningBlockInfo.getStartOffset();
        inputApkSigningBlock = apkSigningBlockInfo.getContents();
    } catch (ApkSigningBlockNotFoundException e) {
    // Input APK does not contain an APK Signing Block. That's OK. APKs are not required to
    // contain this block. It's only needed if the APK is signed using APK Signature Scheme
    // v2 and/or v3.
    }
    DataSource inputApkLfhSection = inputApk.slice(0, (inputApkSigningBlockOffset != -1) ? inputApkSigningBlockOffset : inputZipSections.getZipCentralDirectoryOffset());
    // Step 2. Parse the input APK's ZIP Central Directory
    ByteBuffer inputCd = getZipCentralDirectory(inputApk, inputZipSections);
    List<CentralDirectoryRecord> inputCdRecords = parseZipCentralDirectory(inputCd, inputZipSections);
    List<Hints.PatternWithRange> pinPatterns = extractPinPatterns(inputCdRecords, inputApkLfhSection);
    List<Hints.ByteRange> pinByteRanges = pinPatterns == null ? null : new ArrayList<>();
    // Step 3. Obtain a signer engine instance
    ApkSignerEngine signerEngine;
    if (mSignerEngine != null) {
        // Use the provided signer engine
        signerEngine = mSignerEngine;
    } else {
        // Construct a signer engine from the provided parameters
        int minSdkVersion;
        if (mMinSdkVersion != null) {
            // No need to extract minSdkVersion from the APK's AndroidManifest.xml
            minSdkVersion = mMinSdkVersion;
        } else {
            // Need to extract minSdkVersion from the APK's AndroidManifest.xml
            minSdkVersion = getMinSdkVersionFromApk(inputCdRecords, inputApkLfhSection);
        }
        List<DefaultApkSignerEngine.SignerConfig> engineSignerConfigs = new ArrayList<>(mSignerConfigs.size());
        for (SignerConfig signerConfig : mSignerConfigs) {
            engineSignerConfigs.add(new DefaultApkSignerEngine.SignerConfig.Builder(signerConfig.getName(), signerConfig.getPrivateKey(), signerConfig.getCertificates(), signerConfig.getDeterministicDsaSigning()).build());
        }
        DefaultApkSignerEngine.Builder signerEngineBuilder = new DefaultApkSignerEngine.Builder(engineSignerConfigs, minSdkVersion).setV1SigningEnabled(mV1SigningEnabled).setV2SigningEnabled(mV2SigningEnabled).setV3SigningEnabled(mV3SigningEnabled).setVerityEnabled(mVerityEnabled).setDebuggableApkPermitted(mDebuggableApkPermitted).setOtherSignersSignaturesPreserved(mOtherSignersSignaturesPreserved).setSigningCertificateLineage(mSigningCertificateLineage);
        if (mCreatedBy != null) {
            signerEngineBuilder.setCreatedBy(mCreatedBy);
        }
        if (mSourceStampSignerConfig != null) {
            signerEngineBuilder.setStampSignerConfig(new DefaultApkSignerEngine.SignerConfig.Builder(mSourceStampSignerConfig.getName(), mSourceStampSignerConfig.getPrivateKey(), mSourceStampSignerConfig.getCertificates(), mSourceStampSignerConfig.getDeterministicDsaSigning()).build());
        }
        if (mSourceStampSigningCertificateLineage != null) {
            signerEngineBuilder.setSourceStampSigningCertificateLineage(mSourceStampSigningCertificateLineage);
        }
        signerEngine = signerEngineBuilder.build();
    }
    // Step 4. Provide the signer engine with the input APK's APK Signing Block (if any)
    if (inputApkSigningBlock != null) {
        signerEngine.inputApkSigningBlock(inputApkSigningBlock);
    }
    // Step 5. Iterate over input APK's entries and output the Local File Header + data of those
    // entries which need to be output. Entries are iterated in the order in which their Local
    // File Header records are stored in the file. This is to achieve better data locality in
    // case Central Directory entries are in the wrong order.
    List<CentralDirectoryRecord> inputCdRecordsSortedByLfhOffset = new ArrayList<>(inputCdRecords);
    Collections.sort(inputCdRecordsSortedByLfhOffset, CentralDirectoryRecord.BY_LOCAL_FILE_HEADER_OFFSET_COMPARATOR);
    int lastModifiedDateForNewEntries = -1;
    int lastModifiedTimeForNewEntries = -1;
    long inputOffset = 0;
    long outputOffset = 0;
    byte[] sourceStampCertificateDigest = null;
    Map<String, CentralDirectoryRecord> outputCdRecordsByName = new HashMap<>(inputCdRecords.size());
    for (final CentralDirectoryRecord inputCdRecord : inputCdRecordsSortedByLfhOffset) {
        String entryName = inputCdRecord.getName();
        if (Hints.PIN_BYTE_RANGE_ZIP_ENTRY_NAME.equals(entryName)) {
            // We'll re-add below if needed.
            continue;
        }
        if (SOURCE_STAMP_CERTIFICATE_HASH_ZIP_ENTRY_NAME.equals(entryName)) {
            try {
                sourceStampCertificateDigest = LocalFileRecord.getUncompressedData(inputApkLfhSection, inputCdRecord, inputApkLfhSection.size());
            } catch (ZipFormatException ex) {
                throw new ApkFormatException("Bad source stamp entry");
            }
            // Existing source stamp is handled below as needed.
            continue;
        }
        ApkSignerEngine.InputJarEntryInstructions entryInstructions = signerEngine.inputJarEntry(entryName);
        boolean shouldOutput;
        switch(entryInstructions.getOutputPolicy()) {
            case OUTPUT:
                shouldOutput = true;
                break;
            case OUTPUT_BY_ENGINE:
            case SKIP:
                shouldOutput = false;
                break;
            default:
                throw new RuntimeException("Unknown output policy: " + entryInstructions.getOutputPolicy());
        }
        long inputLocalFileHeaderStartOffset = inputCdRecord.getLocalFileHeaderOffset();
        if (inputLocalFileHeaderStartOffset > inputOffset) {
            // Unprocessed data in input starting at inputOffset and ending and the start of
            // this record's LFH. We output this data verbatim because this signer is supposed
            // to preserve as much of input as possible.
            long chunkSize = inputLocalFileHeaderStartOffset - inputOffset;
            inputApkLfhSection.feed(inputOffset, chunkSize, outputApkOut);
            outputOffset += chunkSize;
            inputOffset = inputLocalFileHeaderStartOffset;
        }
        LocalFileRecord inputLocalFileRecord;
        try {
            inputLocalFileRecord = LocalFileRecord.getRecord(inputApkLfhSection, inputCdRecord, inputApkLfhSection.size());
        } catch (ZipFormatException e) {
            throw new ApkFormatException("Malformed ZIP entry: " + inputCdRecord.getName(), e);
        }
        inputOffset += inputLocalFileRecord.getSize();
        ApkSignerEngine.InspectJarEntryRequest inspectEntryRequest = entryInstructions.getInspectJarEntryRequest();
        if (inspectEntryRequest != null) {
            fulfillInspectInputJarEntryRequest(inputApkLfhSection, inputLocalFileRecord, inspectEntryRequest);
        }
        if (shouldOutput) {
            // Find the max value of last modified, to be used for new entries added by the
            // signer.
            int lastModifiedDate = inputCdRecord.getLastModificationDate();
            int lastModifiedTime = inputCdRecord.getLastModificationTime();
            if ((lastModifiedDateForNewEntries == -1) || (lastModifiedDate > lastModifiedDateForNewEntries) || ((lastModifiedDate == lastModifiedDateForNewEntries) && (lastModifiedTime > lastModifiedTimeForNewEntries))) {
                lastModifiedDateForNewEntries = lastModifiedDate;
                lastModifiedTimeForNewEntries = lastModifiedTime;
            }
            inspectEntryRequest = signerEngine.outputJarEntry(entryName);
            if (inspectEntryRequest != null) {
                fulfillInspectInputJarEntryRequest(inputApkLfhSection, inputLocalFileRecord, inspectEntryRequest);
            }
            // Output entry's Local File Header + data
            long outputLocalFileHeaderOffset = outputOffset;
            OutputSizeAndDataOffset outputLfrResult = outputInputJarEntryLfhRecordPreservingDataAlignment(inputApkLfhSection, inputLocalFileRecord, outputApkOut, outputLocalFileHeaderOffset);
            outputOffset += outputLfrResult.outputBytes;
            long outputDataOffset = outputLocalFileHeaderOffset + outputLfrResult.dataOffsetBytes;
            if (pinPatterns != null) {
                boolean pinFileHeader = false;
                for (Hints.PatternWithRange pinPattern : pinPatterns) {
                    if (pinPattern.matcher(inputCdRecord.getName()).matches()) {
                        Hints.ByteRange dataRange = new Hints.ByteRange(outputDataOffset, outputOffset);
                        Hints.ByteRange pinRange = pinPattern.ClampToAbsoluteByteRange(dataRange);
                        if (pinRange != null) {
                            pinFileHeader = true;
                            pinByteRanges.add(pinRange);
                        }
                    }
                }
                if (pinFileHeader) {
                    pinByteRanges.add(new Hints.ByteRange(outputLocalFileHeaderOffset, outputDataOffset));
                }
            }
            // Enqueue entry's Central Directory record for output
            CentralDirectoryRecord outputCdRecord;
            if (outputLocalFileHeaderOffset == inputLocalFileRecord.getStartOffsetInArchive()) {
                outputCdRecord = inputCdRecord;
            } else {
                outputCdRecord = inputCdRecord.createWithModifiedLocalFileHeaderOffset(outputLocalFileHeaderOffset);
            }
            outputCdRecordsByName.put(entryName, outputCdRecord);
        }
    }
    long inputLfhSectionSize = inputApkLfhSection.size();
    if (inputOffset < inputLfhSectionSize) {
        // Unprocessed data in input starting at inputOffset and ending and the end of the input
        // APK's LFH section. We output this data verbatim because this signer is supposed
        // to preserve as much of input as possible.
        long chunkSize = inputLfhSectionSize - inputOffset;
        inputApkLfhSection.feed(inputOffset, chunkSize, outputApkOut);
        outputOffset += chunkSize;
        inputOffset = inputLfhSectionSize;
    }
    // Step 6. Sort output APK's Central Directory records in the order in which they should
    // appear in the output
    List<CentralDirectoryRecord> outputCdRecords = new ArrayList<>(inputCdRecords.size() + 10);
    for (CentralDirectoryRecord inputCdRecord : inputCdRecords) {
        String entryName = inputCdRecord.getName();
        CentralDirectoryRecord outputCdRecord = outputCdRecordsByName.get(entryName);
        if (outputCdRecord != null) {
            outputCdRecords.add(outputCdRecord);
        }
    }
    if (lastModifiedDateForNewEntries == -1) {
        // Jan 1 2009 (DOS)
        lastModifiedDateForNewEntries = 0x3a21;
        lastModifiedTimeForNewEntries = 0;
    }
    // records.
    if (signerEngine.isEligibleForSourceStamp()) {
        byte[] uncompressedData = signerEngine.generateSourceStampCertificateDigest();
        if (mForceSourceStampOverwrite || sourceStampCertificateDigest == null || Arrays.equals(uncompressedData, sourceStampCertificateDigest)) {
            outputOffset += outputDataToOutputApk(SOURCE_STAMP_CERTIFICATE_HASH_ZIP_ENTRY_NAME, uncompressedData, outputOffset, outputCdRecords, lastModifiedTimeForNewEntries, lastModifiedDateForNewEntries, outputApkOut);
        } else {
            throw new ApkFormatException(String.format("Cannot generate SourceStamp. APK contains an existing entry with" + " the name: %s, and it is different than the provided source" + " stamp certificate", SOURCE_STAMP_CERTIFICATE_HASH_ZIP_ENTRY_NAME));
        }
    }
    // This has to be before the step 8 so that the file is signed.
    if (pinByteRanges != null) {
        // Covers JAR signature and zip central dir entry.
        // The signature files don't have to be pinned, but pinning them isn't that wasteful
        // since the total size is small.
        pinByteRanges.add(new Hints.ByteRange(outputOffset, Long.MAX_VALUE));
        String entryName = Hints.PIN_BYTE_RANGE_ZIP_ENTRY_NAME;
        byte[] uncompressedData = Hints.encodeByteRangeList(pinByteRanges);
        requestOutputEntryInspection(signerEngine, entryName, uncompressedData);
        outputOffset += outputDataToOutputApk(entryName, uncompressedData, outputOffset, outputCdRecords, lastModifiedTimeForNewEntries, lastModifiedDateForNewEntries, outputApkOut);
    }
    // Step 8. Generate and output JAR signatures, if necessary. This may output more Local File
    // Header + data entries and add to the list of output Central Directory records.
    ApkSignerEngine.OutputJarSignatureRequest outputJarSignatureRequest = signerEngine.outputJarEntries();
    if (outputJarSignatureRequest != null) {
        for (ApkSignerEngine.OutputJarSignatureRequest.JarEntry entry : outputJarSignatureRequest.getAdditionalJarEntries()) {
            String entryName = entry.getName();
            byte[] uncompressedData = entry.getData();
            requestOutputEntryInspection(signerEngine, entryName, uncompressedData);
            outputOffset += outputDataToOutputApk(entryName, uncompressedData, outputOffset, outputCdRecords, lastModifiedTimeForNewEntries, lastModifiedDateForNewEntries, outputApkOut);
        }
        outputJarSignatureRequest.done();
    }
    // Step 9. Construct output ZIP Central Directory in an in-memory buffer
    long outputCentralDirSizeBytes = 0;
    for (CentralDirectoryRecord record : outputCdRecords) {
        outputCentralDirSizeBytes += record.getSize();
    }
    if (outputCentralDirSizeBytes > Integer.MAX_VALUE) {
        throw new IOException("Output ZIP Central Directory too large: " + outputCentralDirSizeBytes + " bytes");
    }
    ByteBuffer outputCentralDir = ByteBuffer.allocate((int) outputCentralDirSizeBytes);
    for (CentralDirectoryRecord record : outputCdRecords) {
        record.copyTo(outputCentralDir);
    }
    outputCentralDir.flip();
    DataSource outputCentralDirDataSource = new ByteBufferDataSource(outputCentralDir);
    long outputCentralDirStartOffset = outputOffset;
    int outputCentralDirRecordCount = outputCdRecords.size();
    // Step 10. Construct output ZIP End of Central Directory record in an in-memory buffer
    ByteBuffer outputEocd = EocdRecord.createWithModifiedCentralDirectoryInfo(inputZipSections.getZipEndOfCentralDirectory(), outputCentralDirRecordCount, outputCentralDirDataSource.size(), outputCentralDirStartOffset);
    // Step 11. Generate and output APK Signature Scheme v2 and/or v3 signatures and/or
    // SourceStamp signatures, if necessary.
    // This may insert an APK Signing Block just before the output's ZIP Central Directory
    ApkSignerEngine.OutputApkSigningBlockRequest2 outputApkSigningBlockRequest = signerEngine.outputZipSections2(outputApkIn, outputCentralDirDataSource, DataSources.asDataSource(outputEocd));
    if (outputApkSigningBlockRequest != null) {
        int padding = outputApkSigningBlockRequest.getPaddingSizeBeforeApkSigningBlock();
        outputApkOut.consume(ByteBuffer.allocate(padding));
        byte[] outputApkSigningBlock = outputApkSigningBlockRequest.getApkSigningBlock();
        outputApkOut.consume(outputApkSigningBlock, 0, outputApkSigningBlock.length);
        ZipUtils.setZipEocdCentralDirectoryOffset(outputEocd, outputCentralDirStartOffset + padding + outputApkSigningBlock.length);
        outputApkSigningBlockRequest.done();
    }
    // Step 12. Output ZIP Central Directory and ZIP End of Central Directory
    outputCentralDirDataSource.feed(0, outputCentralDirDataSource.size(), outputApkOut);
    outputApkOut.consume(outputEocd);
    signerEngine.outputDone();
    // Step 13. Generate and output APK Signature Scheme v4 signatures, if necessary.
    if (mV4SigningEnabled) {
        signerEngine.signV4(outputApkIn, mOutputV4File, !mV4ErrorReportingEnabled);
    }
}

Example 10 with ZipFormatException

use of com.android.apksig.zip.ZipFormatException in project apksig by venshine.

the class CentralDirectoryRecord method getRecord.

/**
 * Returns the Central Directory Record starting at the current position of the provided buffer
 * and advances the buffer's position immediately past the end of the record.
 */
public static CentralDirectoryRecord getRecord(ByteBuffer buf) throws ZipFormatException {
    ZipUtils.assertByteOrderLittleEndian(buf);
    if (buf.remaining() < HEADER_SIZE_BYTES) {
        throw new ZipFormatException("Input too short. Need at least: " + HEADER_SIZE_BYTES + " bytes, available: " + buf.remaining() + " bytes", new BufferUnderflowException());
    }
    int originalPosition = buf.position();
    int recordSignature = buf.getInt();
    if (recordSignature != RECORD_SIGNATURE) {
        throw new ZipFormatException("Not a Central Directory record. Signature: 0x" + Long.toHexString(recordSignature & 0xffffffffL));
    }
    buf.position(originalPosition + GP_FLAGS_OFFSET);
    short gpFlags = buf.getShort();
    short compressionMethod = buf.getShort();
    int lastModificationTime = ZipUtils.getUnsignedInt16(buf);
    int lastModificationDate = ZipUtils.getUnsignedInt16(buf);
    long crc32 = ZipUtils.getUnsignedInt32(buf);
    long compressedSize = ZipUtils.getUnsignedInt32(buf);
    long uncompressedSize = ZipUtils.getUnsignedInt32(buf);
    int nameSize = ZipUtils.getUnsignedInt16(buf);
    int extraSize = ZipUtils.getUnsignedInt16(buf);
    int commentSize = ZipUtils.getUnsignedInt16(buf);
    buf.position(originalPosition + LOCAL_FILE_HEADER_OFFSET_OFFSET);
    long localFileHeaderOffset = ZipUtils.getUnsignedInt32(buf);
    buf.position(originalPosition);
    int recordSize = HEADER_SIZE_BYTES + nameSize + extraSize + commentSize;
    if (recordSize > buf.remaining()) {
        throw new ZipFormatException("Input too short. Need: " + recordSize + " bytes, available: " + buf.remaining() + " bytes", new BufferUnderflowException());
    }
    String name = getName(buf, originalPosition + NAME_OFFSET, nameSize);
    buf.position(originalPosition);
    int originalLimit = buf.limit();
    int recordEndInBuf = originalPosition + recordSize;
    ByteBuffer recordBuf;
    try {
        buf.limit(recordEndInBuf);
        recordBuf = buf.slice();
    } finally {
        buf.limit(originalLimit);
    }
    // Consume this record
    buf.position(recordEndInBuf);
    return new CentralDirectoryRecord(recordBuf, gpFlags, compressionMethod, lastModificationTime, lastModificationDate, crc32, compressedSize, uncompressedSize, localFileHeaderOffset, name, nameSize);
}