Fixed
Status Update
Comments
kl...@google.com <kl...@google.com> #2
A workaround is to use Java 8.
ap...@google.com <ap...@google.com> #3
Project: platform/tools/apksig
Branch: master
commit 3222d6c8a40307c4912ab80d666dcb6846840dea
Author: Alex Klyubin <klyubin@google.com>
Date: Tue May 02 14:39:54 2017
Add first batch of tests for ApkVerifier
These tests are based on Android Package Manager CTS tests. See
cts/hostsidetests/appsecurity/src/android/appsecurity/cts/PkgInstallSignatureVerificationTest.java
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I9a077283600271a0efa0ef3e5d271918711df66c
M BUILD
M src/test/java/com/android/apksig/AllTests.java
A src/test/java/com/android/apksig/ApkVerifierTest.java
A src/test/resources/com/android/apksig/dsa-1024.pk8
A src/test/resources/com/android/apksig/dsa-1024.x509.pem
A src/test/resources/com/android/apksig/dsa-2048.pk8
A src/test/resources/com/android/apksig/dsa-2048.x509.pem
A src/test/resources/com/android/apksig/dsa-3072.pk8
A src/test/resources/com/android/apksig/dsa-3072.x509.pem
A src/test/resources/com/android/apksig/ec-p256.pk8
A src/test/resources/com/android/apksig/ec-p256.x509.pem
A src/test/resources/com/android/apksig/ec-p384.pk8
A src/test/resources/com/android/apksig/ec-p384.x509.pem
A src/test/resources/com/android/apksig/ec-p521.pk8
A src/test/resources/com/android/apksig/ec-p521.x509.pem
A src/test/resources/com/android/apksig/empty-unsigned.apk
A src/test/resources/com/android/apksig/original.apk
A src/test/resources/com/android/apksig/rsa-1024.pk8
A src/test/resources/com/android/apksig/rsa-1024.x509.pem
A src/test/resources/com/android/apksig/rsa-16384.pk8
A src/test/resources/com/android/apksig/rsa-16384.x509.pem
A src/test/resources/com/android/apksig/rsa-2048.pk8
A src/test/resources/com/android/apksig/rsa-2048.x509.pem
A src/test/resources/com/android/apksig/rsa-3072.pk8
A src/test/resources/com/android/apksig/rsa-3072.x509.pem
A src/test/resources/com/android/apksig/rsa-4096.pk8
A src/test/resources/com/android/apksig/rsa-4096.x509.pem
A src/test/resources/com/android/apksig/rsa-8192.pk8
A src/test/resources/com/android/apksig/rsa-8192.x509.pem
A src/test/resources/com/android/apksig/two-signers-second-signer-v2-broken.apk
A src/test/resources/com/android/apksig/two-signers.apk
A src/test/resources/com/android/apksig/unsigned-ephemeral.apk
A src/test/resources/com/android/apksig/v1-only-empty.apk
A src/test/resources/com/android/apksig/v1-only-ephemeral.apk
A src/test/resources/com/android/apksig/v1-only-max-sized-eocd-comment.apk
A src/test/resources/com/android/apksig/v1-only-pkcs7-cert-bag-first-cert-not-used.apk
A src/test/resources/com/android/apksig/v1-only-two-signers.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.3-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.3-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.3-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-1.2.840.10040.4.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-1.2.840.10040.4.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-1.2.840.10040.4.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-2.16.840.1.101.3.4.3.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-2.16.840.1.101.3.4.3.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-2.16.840.1.101.3.4.3.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-1.2.840.10040.4.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-1.2.840.10040.4.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-1.2.840.10040.4.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha384-2.16.840.1.101.3.4.3.3-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha384-2.16.840.1.101.3.4.3.3-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha384-2.16.840.1.101.3.4.3.3-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha512-2.16.840.1.101.3.4.3.4-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha512-2.16.840.1.101.3.4.3.4-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha512-2.16.840.1.101.3.4.3.4-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.4.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.4.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.4.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.4.3.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.4.3.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.4.3.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.4.3.2-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.4.3.2-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.4.3.2-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.4.3.3-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.4.3.3-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.4.3.3-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.4.3.4-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.4.3.4-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.4.3.4-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-1024-cert-not-der.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-8192.apk
A src/test/resources/com/android/apksig/v1-v2-ephemeral.apk
A src/test/resources/com/android/apksig/v1-with-apk-sig-block-but-without-apk-sig-scheme-v2-block.apk
A src/test/resources/com/android/apksig/v2-only-apk-sig-block-size-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-cert-and-public-key-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-empty.apk
A src/test/resources/com/android/apksig/v2-only-ephemeral.apk
A src/test/resources/com/android/apksig/v2-only-garbage-between-cd-and-eocd.apk
A src/test/resources/com/android/apksig/v2-only-max-sized-eocd-comment.apk
A src/test/resources/com/android/apksig/v2-only-missing-classes.dex.apk
A src/test/resources/com/android/apksig/v2-only-no-certs-in-sig.apk
A src/test/resources/com/android/apksig/v2-only-signatures-and-digests-block-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-truncated-cd.apk
A src/test/resources/com/android/apksig/v2-only-two-signers-second-signer-no-sig.apk
A src/test/resources/com/android/apksig/v2-only-two-signers-second-signer-no-supported-sig.apk
A src/test/resources/com/android/apksig/v2-only-two-signers.apk
A src/test/resources/com/android/apksig/v2-only-unknown-pair-in-apk-sig-block.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-1024-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p256-digest-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p256-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p256.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p384.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p521.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha512-p256.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha512-p384.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha512-p521.apk
A src/test/resources/com/android/apksig/v2-only-with-ignorable-unsupported-sig-algs.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-1024-cert-not-der.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-2048-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-8192.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-4096-digest-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-8192.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-2048-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-8192.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-8192.apk
A src/test/resources/com/android/apksig/v2-only-wrong-apk-sig-block-magic.apk
A src/test/resources/com/android/apksig/v2-stripped-with-ignorable-signing-schemes.apk
A src/test/resources/com/android/apksig/v2-stripped.apk
https://android-review.googlesource.com/387374
https://goto.google.com/android-sha1/3222d6c8a40307c4912ab80d666dcb6846840dea
Branch: master
commit 3222d6c8a40307c4912ab80d666dcb6846840dea
Author: Alex Klyubin <klyubin@google.com>
Date: Tue May 02 14:39:54 2017
Add first batch of tests for ApkVerifier
These tests are based on Android Package Manager CTS tests. See
cts/hostsidetests/appsecurity/src/android/appsecurity/cts/PkgInstallSignatureVerificationTest.java
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I9a077283600271a0efa0ef3e5d271918711df66c
M BUILD
M src/test/java/com/android/apksig/AllTests.java
A src/test/java/com/android/apksig/ApkVerifierTest.java
A src/test/resources/com/android/apksig/dsa-1024.pk8
A src/test/resources/com/android/apksig/dsa-1024.x509.pem
A src/test/resources/com/android/apksig/dsa-2048.pk8
A src/test/resources/com/android/apksig/dsa-2048.x509.pem
A src/test/resources/com/android/apksig/dsa-3072.pk8
A src/test/resources/com/android/apksig/dsa-3072.x509.pem
A src/test/resources/com/android/apksig/ec-p256.pk8
A src/test/resources/com/android/apksig/ec-p256.x509.pem
A src/test/resources/com/android/apksig/ec-p384.pk8
A src/test/resources/com/android/apksig/ec-p384.x509.pem
A src/test/resources/com/android/apksig/ec-p521.pk8
A src/test/resources/com/android/apksig/ec-p521.x509.pem
A src/test/resources/com/android/apksig/empty-unsigned.apk
A src/test/resources/com/android/apksig/original.apk
A src/test/resources/com/android/apksig/rsa-1024.pk8
A src/test/resources/com/android/apksig/rsa-1024.x509.pem
A src/test/resources/com/android/apksig/rsa-16384.pk8
A src/test/resources/com/android/apksig/rsa-16384.x509.pem
A src/test/resources/com/android/apksig/rsa-2048.pk8
A src/test/resources/com/android/apksig/rsa-2048.x509.pem
A src/test/resources/com/android/apksig/rsa-3072.pk8
A src/test/resources/com/android/apksig/rsa-3072.x509.pem
A src/test/resources/com/android/apksig/rsa-4096.pk8
A src/test/resources/com/android/apksig/rsa-4096.x509.pem
A src/test/resources/com/android/apksig/rsa-8192.pk8
A src/test/resources/com/android/apksig/rsa-8192.x509.pem
A src/test/resources/com/android/apksig/two-signers-second-signer-v2-broken.apk
A src/test/resources/com/android/apksig/two-signers.apk
A src/test/resources/com/android/apksig/unsigned-ephemeral.apk
A src/test/resources/com/android/apksig/v1-only-empty.apk
A src/test/resources/com/android/apksig/v1-only-ephemeral.apk
A src/test/resources/com/android/apksig/v1-only-max-sized-eocd-comment.apk
A src/test/resources/com/android/apksig/v1-only-pkcs7-cert-bag-first-cert-not-used.apk
A src/test/resources/com/android/apksig/v1-only-two-signers.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.3-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.3-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha1-1.2.840.10040.4.3-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-1.2.840.10040.4.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-1.2.840.10040.4.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-1.2.840.10040.4.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-2.16.840.1.101.3.4.3.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-2.16.840.1.101.3.4.3.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha224-2.16.840.1.101.3.4.3.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-1.2.840.10040.4.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-1.2.840.10040.4.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-1.2.840.10040.4.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha256-2.16.840.1.101.3.4.3.2-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha384-2.16.840.1.101.3.4.3.3-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha384-2.16.840.1.101.3.4.3.3-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha384-2.16.840.1.101.3.4.3.3-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha512-2.16.840.1.101.3.4.3.4-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha512-2.16.840.1.101.3.4.3.4-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-dsa-sha512-2.16.840.1.101.3.4.3.4-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.4.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.4.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha1-1.2.840.10045.4.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.4.3.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.4.3.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha224-1.2.840.10045.4.3.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.4.3.2-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.4.3.2-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha256-1.2.840.10045.4.3.2-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.4.3.3-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.4.3.3-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha384-1.2.840.10045.4.3.3-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.2.1-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.2.1-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.2.1-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.4.3.4-p256.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.4.3.4-p384.apk
A src/test/resources/com/android/apksig/v1-only-with-ecdsa-sha512-1.2.840.10045.4.3.4-p521.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-1024-cert-not-der.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-md5-1.2.840.113549.1.1.4-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha1-1.2.840.113549.1.1.5-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha224-1.2.840.113549.1.1.14-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha256-1.2.840.113549.1.1.11-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha384-1.2.840.113549.1.1.12-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.1-8192.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-1024.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-16384.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-2048.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-3072.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-4096.apk
A src/test/resources/com/android/apksig/v1-only-with-rsa-pkcs1-sha512-1.2.840.113549.1.1.13-8192.apk
A src/test/resources/com/android/apksig/v1-v2-ephemeral.apk
A src/test/resources/com/android/apksig/v1-with-apk-sig-block-but-without-apk-sig-scheme-v2-block.apk
A src/test/resources/com/android/apksig/v2-only-apk-sig-block-size-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-cert-and-public-key-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-empty.apk
A src/test/resources/com/android/apksig/v2-only-ephemeral.apk
A src/test/resources/com/android/apksig/v2-only-garbage-between-cd-and-eocd.apk
A src/test/resources/com/android/apksig/v2-only-max-sized-eocd-comment.apk
A src/test/resources/com/android/apksig/v2-only-missing-classes.dex.apk
A src/test/resources/com/android/apksig/v2-only-no-certs-in-sig.apk
A src/test/resources/com/android/apksig/v2-only-signatures-and-digests-block-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-truncated-cd.apk
A src/test/resources/com/android/apksig/v2-only-two-signers-second-signer-no-sig.apk
A src/test/resources/com/android/apksig/v2-only-two-signers-second-signer-no-supported-sig.apk
A src/test/resources/com/android/apksig/v2-only-two-signers.apk
A src/test/resources/com/android/apksig/v2-only-unknown-pair-in-apk-sig-block.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-1024-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-dsa-sha256-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p256-digest-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p256-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p256.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p384.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha256-p521.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha512-p256.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha512-p384.apk
A src/test/resources/com/android/apksig/v2-only-with-ecdsa-sha512-p521.apk
A src/test/resources/com/android/apksig/v2-only-with-ignorable-unsupported-sig-algs.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-1024-cert-not-der.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-2048-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha256-8192.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-4096-digest-mismatch.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pkcs1-sha512-8192.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-1024.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-2048-sig-does-not-verify.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha256-8192.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-16384.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-2048.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-3072.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-4096.apk
A src/test/resources/com/android/apksig/v2-only-with-rsa-pss-sha512-8192.apk
A src/test/resources/com/android/apksig/v2-only-wrong-apk-sig-block-magic.apk
A src/test/resources/com/android/apksig/v2-stripped-with-ignorable-signing-schemes.apk
A src/test/resources/com/android/apksig/v2-stripped.apk
to...@google.com <to...@google.com> #4
FYI it seems to be possible to temporarily break open the encapsulation of internal modules via a javac 9 via command line flags:
--add-exports java.base/sun.security.pkcs=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED
Yesterday when building without the flag, javac failed with:
Exception in thread "main" java.lang.IllegalAccessError: class com.android.apksig.internal.apk.v1.V1SchemeSigner (in unnamed module @0x64f6106c) cannot access class sun.security.x509.AlgorithmId (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x64f6106c
at [...]
It seems like the option is not allowed when setting --target 1.8:
javac: option --add-exports not allowed with target 1.8
(I thought I had been running with --target 1.8 yesterday as well, but *shrug*).
So tools/apksig/Android.mk probably needs those flags when building for version 53 class files (OpenJDK 9).
--add-exports java.base/sun.security.pkcs=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED
Yesterday when building without the flag, javac failed with:
Exception in thread "main" java.lang.IllegalAccessError: class com.android.apksig.internal.apk.v1.V1SchemeSigner (in unnamed module @0x64f6106c) cannot access class sun.security.x509.AlgorithmId (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x64f6106c
at [...]
It seems like the option is not allowed when setting --target 1.8:
javac: option --add-exports not allowed with target 1.8
(I thought I had been running with --target 1.8 yesterday as well, but *shrug*).
So tools/apksig/Android.mk probably needs those flags when building for version 53 class files (OpenJDK 9).
to...@google.com <to...@google.com> #5
I just ran into the issue again but not for make apksig{,ner} so it must be some other build target that triggers the failure when building with -target 1.8.
Sadly, the order in which build targets are built doesn't seem to be deterministic and there are other issues, so I'l not sure what target was failing.
Sadly, the order in which build targets are built doesn't seem to be deterministic and there are other issues, so I'l not sure what target was failing.
to...@google.com <to...@google.com> #6
Silly me, the issue is not when *building* apksigner but when *running* it (as part of building some other targets). I think the bug had already realized this but I hadn't :)
Here's the exception I'm getting:
Exception in thread "main" java.lang.IllegalAccessError: class com.android.apksig.internal.apk.v1.V1SchemeSigner (in unnamed module @0x4e718207) cannot access class sun.security.x509.AlgorithmId (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x4e718207
at com.android.apksig.internal.apk.v1.V1SchemeSigner.getSupportedAlgorithmId(V1SchemeSigner.java:623)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.<clinit>(V1SchemeSigner.java:539)
at com.android.apksig.DefaultApkSignerEngine.<init>(DefaultApkSignerEngine.java:148)
at com.android.apksig.DefaultApkSignerEngine.<init>(DefaultApkSignerEngine.java:51)
at com.android.apksig.DefaultApkSignerEngine$Builder.build(DefaultApkSignerEngine.java:901)
at com.android.signapk.SignApk.main(SignApk.java:1060)
Here's the exception I'm getting:
Exception in thread "main" java.lang.IllegalAccessError: class com.android.apksig.internal.apk.v1.V1SchemeSigner (in unnamed module @0x4e718207) cannot access class sun.security.x509.AlgorithmId (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x4e718207
at com.android.apksig.internal.apk.v1.V1SchemeSigner.getSupportedAlgorithmId(V1SchemeSigner.java:623)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.<clinit>(V1SchemeSigner.java:539)
at com.android.apksig.DefaultApkSignerEngine.<init>(DefaultApkSignerEngine.java:148)
at com.android.apksig.DefaultApkSignerEngine.<init>(DefaultApkSignerEngine.java:51)
at com.android.apksig.DefaultApkSignerEngine$Builder.build(DefaultApkSignerEngine.java:901)
at com.android.signapk.SignApk.main(SignApk.java:1060)
kl...@google.com <kl...@google.com> #7
signapk, which is what's currently used by the build system to sign APKs, is using apksig library to sign APK. So, the above failure is expected on Java 9.
to...@google.com <to...@google.com> #8
I have pending changes that fix this. Stealing the bug.
to...@google.com <to...@google.com> #9
Actually, my changes only *work around* the bug by passing some javac command line parameters that let apksigner still access those internal APIs. These pending changes will be sufficient for unblocking bug 38177295 .
Should we leave this bug to cover the work to move away from those private APIs? If so, I'll assign it back to klyubin.
Should we leave this bug to cover the work to move away from those private APIs? If so, I'll assign it back to klyubin.
kl...@google.com <kl...@google.com> #10
Yes, I'd prefer this to remain assigned to me to stop using sun.** API in apksig library. The workarounds you mentioned would be good to know and/or mentioned here just in case we need them very soon.
to...@google.com <to...@google.com> #11
I believe the right workaround is to add these command line options to the "java" invocation:
--add-exports java.base/sun.security.pkcs=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED
Turns out apksig is not actually part of my pending changes. Huh. I must have mis-remembered something? Maybe the -target 1.8 with which I'm running OpenJDK 9's javac also stops OpenJDK 9's java complaining in this case. If so, that also seems like a fine workaround (until we want to run with OpenJDK 9's java, which I plan to start looking into, soon, but with no specific ETA).
--add-exports java.base/sun.security.pkcs=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED
Turns out apksig is not actually part of my pending changes. Huh. I must have mis-remembered something? Maybe the -target 1.8 with which I'm running OpenJDK 9's javac also stops OpenJDK 9's java complaining in this case. If so, that also seems like a fine workaround (until we want to run with OpenJDK 9's java, which I plan to start looking into, soon, but with no specific ETA).
to...@google.com <to...@google.com> #12
Correction: Those changes *are* part of my pending changes. But the changes are in build/make/core/definitions.mk around line 2700, rather than in tools/apksig
I'll export a CL shortly (probably today).
I'll export a CL shortly (probably today).
to...@google.com <to...@google.com> #13
I exported my CL as http://aosp/402735 and added klyubin@ as a reviewer.
ap...@google.com <ap...@google.com> #14
Project: platform/build
Branch: master
commit 9cc3c76abd9c8fa159616883e06526d56b5136e5
Author: Tobias Thierer <tobiast@google.com>
Date: Tue May 09 22:04:25 2017
Let signapk access internal APIs under OpenJDK 9 toolchain
signapk relies on internal APIs sun.security.{pkcs,x509},
for example in com.android.apksig.internal.apk.v1.V1SchemeSigner.
This breaks at signapk runtime under OpenJDK 9 because those
packages are not exported by the java.base module.
This CL unbreaks signapk by allowing it to access these internal
packages. In the long term, signapk should migrate away from these
internal APIs ( bug 37137869 ).
Test: make ANDROID_COMPILE_WITH_JACK=false checkbuild tests \
&& make checkbuild tests
(with OpenJDK 8u45 toolchain on the PATH)
Test: make EXPERIMENTAL_USE_OPENJDK9=true \
ANDROID_COMPILE_WITH_JACK=false checkbuild
(with jdk 9-ea+170 toolchain on the PATH)
Bug: 37137869
Bug: 38177295
Change-Id: I64cab83e6eb7b135cf2ad7b523736cb409aaae02
M core/definitions.mk
https://android-review.googlesource.com/402735
https://goto.google.com/android-sha1/9cc3c76abd9c8fa159616883e06526d56b5136e5
Branch: master
commit 9cc3c76abd9c8fa159616883e06526d56b5136e5
Author: Tobias Thierer <tobiast@google.com>
Date: Tue May 09 22:04:25 2017
Let signapk access internal APIs under OpenJDK 9 toolchain
signapk relies on internal APIs sun.security.{pkcs,x509},
for example in com.android.apksig.internal.apk.v1.V1SchemeSigner.
This breaks at signapk runtime under OpenJDK 9 because those
packages are not exported by the java.base module.
This CL unbreaks signapk by allowing it to access these internal
packages. In the long term, signapk should migrate away from these
internal APIs (
Test: make ANDROID_COMPILE_WITH_JACK=false checkbuild tests \
&& make checkbuild tests
(with OpenJDK 8u45 toolchain on the PATH)
Test: make EXPERIMENTAL_USE_OPENJDK9=true \
ANDROID_COMPILE_WITH_JACK=false checkbuild
(with jdk 9-ea+170 toolchain on the PATH)
Bug: 37137869
Bug: 38177295
Change-Id: I64cab83e6eb7b135cf2ad7b523736cb409aaae02
M core/
to...@google.com <to...@google.com> #15
The CL from comment #14 unblocks bug 38177295 , so I'm updating this bug correspondingly.
kl...@google.com <kl...@google.com> #16
Thanks, Tobias! I'll revert your change once to the build system once apksig library no longer relies on sun.** APIs.
ap...@google.com <ap...@google.com> #17
Project: platform/tools/apksig
Branch: master
commit 2ded5eb392c26eb13b96bfcec7e3517bb06eb94c
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jun 22 14:20:04 2017
Add ASN.1 BER parser
This adds an ASN.1 BER parser to be used for parsing PKCS #7 signature
blocks of APK JAR signatures. The main reason for adding the parser
instead of using Sun's/Oracle's sun.** classes is that these classes
will no longer be accessible (by default) in Java 9 and will likely no
longer be accessible at all in a later release of Java.
The parser takes a BER-encoded input and parses it into the ASN.1
structure represented as a Java object. The main entry point of the
parser is Asn1BerParser.parse.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I56ecef77c3e32d609a9ea00b71467ed4c11b1757
A src/main/java/com/android/apksig/internal/asn1/Asn1BerParser.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Class.java
A src/main/java/com/android/apksig/internal/asn1/Asn1DecodingException.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Field.java
A src/main/java/com/android/apksig/internal/asn1/Asn1OpaqueObject.java
A src/main/java/com/android/apksig/internal/asn1/Asn1TagClass.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Tagging.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Type.java
M src/main/java/com/android/apksig/internal/asn1/ber/BerDataValueReader.java
M src/main/java/com/android/apksig/internal/asn1/ber/BerEncoding.java
M src/main/java/com/android/apksig/internal/asn1/ber/ByteBufferBerDataValueReader.java
M src/main/java/com/android/apksig/internal/asn1/ber/InputStreamBerDataValueReader.java
A src/main/java/com/android/apksig/internal/util/ByteBufferUtils.java
M src/test/java/com/android/apksig/internal/asn1/AllTests.java
A src/test/java/com/android/apksig/internal/asn1/Asn1BerParserTest.java
https://android-review.googlesource.com/420792
https://goto.google.com/android-sha1/2ded5eb392c26eb13b96bfcec7e3517bb06eb94c
Branch: master
commit 2ded5eb392c26eb13b96bfcec7e3517bb06eb94c
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jun 22 14:20:04 2017
Add ASN.1 BER parser
This adds an ASN.1 BER parser to be used for parsing PKCS #7 signature
blocks of APK JAR signatures. The main reason for adding the parser
instead of using Sun's/Oracle's sun.** classes is that these classes
will no longer be accessible (by default) in Java 9 and will likely no
longer be accessible at all in a later release of Java.
The parser takes a BER-encoded input and parses it into the ASN.1
structure represented as a Java object. The main entry point of the
parser is Asn1BerParser.parse.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I56ecef77c3e32d609a9ea00b71467ed4c11b1757
A src/main/java/com/android/apksig/internal/asn1/Asn1BerParser.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Class.java
A src/main/java/com/android/apksig/internal/asn1/Asn1DecodingException.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Field.java
A src/main/java/com/android/apksig/internal/asn1/Asn1OpaqueObject.java
A src/main/java/com/android/apksig/internal/asn1/Asn1TagClass.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Tagging.java
A src/main/java/com/android/apksig/internal/asn1/Asn1Type.java
M src/main/java/com/android/apksig/internal/asn1/ber/BerDataValueReader.java
M src/main/java/com/android/apksig/internal/asn1/ber/BerEncoding.java
M src/main/java/com/android/apksig/internal/asn1/ber/ByteBufferBerDataValueReader.java
M src/main/java/com/android/apksig/internal/asn1/ber/InputStreamBerDataValueReader.java
A src/main/java/com/android/apksig/internal/util/ByteBufferUtils.java
M src/test/java/com/android/apksig/internal/asn1/AllTests.java
A src/test/java/com/android/apksig/internal/asn1/Asn1BerParserTest.java
ap...@google.com <ap...@google.com> #18
Project: platform/tools/apksig
Branch: master
commit 48793cefc913817a2e3aab8cd329a343c1bec636
Author: Alex Klyubin <klyubin@google.com>
Date: Mon Jun 26 09:43:01 2017
Add ASN.1 DER encoder
This adds an ASN.1 DER encoder to be used for encoding PKCS #7
signature blocks of APK JAR signatures. The main reason for adding
the encoder instead of using Sun's/Oracle's sun.** classes is that
these classes will no longer be accessible (by default) in Java 9 and
will likely no longer be accessible at all in a later release of Java.
The parser takes an annotated Java object representing an ASN.1
structure and produces the DER encoding of the object. The main entry
point of the encoder is Asn1DerEncoder.encode.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I2225431a1a351298ae2e47a244373aa21b16dfd4
A src/main/java/com/android/apksig/internal/asn1/Asn1DerEncoder.java
A src/main/java/com/android/apksig/internal/asn1/Asn1EncodingException.java
M src/main/java/com/android/apksig/internal/asn1/Asn1Field.java
M src/main/java/com/android/apksig/internal/asn1/ber/BerEncoding.java
M src/test/java/com/android/apksig/internal/asn1/AllTests.java
A src/test/java/com/android/apksig/internal/asn1/Asn1DerEncoderTest.java
https://android-review.googlesource.com/422919
https://goto.google.com/android-sha1/48793cefc913817a2e3aab8cd329a343c1bec636
Branch: master
commit 48793cefc913817a2e3aab8cd329a343c1bec636
Author: Alex Klyubin <klyubin@google.com>
Date: Mon Jun 26 09:43:01 2017
Add ASN.1 DER encoder
This adds an ASN.1 DER encoder to be used for encoding PKCS #7
signature blocks of APK JAR signatures. The main reason for adding
the encoder instead of using Sun's/Oracle's sun.** classes is that
these classes will no longer be accessible (by default) in Java 9 and
will likely no longer be accessible at all in a later release of Java.
The parser takes an annotated Java object representing an ASN.1
structure and produces the DER encoding of the object. The main entry
point of the encoder is Asn1DerEncoder.encode.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I2225431a1a351298ae2e47a244373aa21b16dfd4
A src/main/java/com/android/apksig/internal/asn1/Asn1DerEncoder.java
A src/main/java/com/android/apksig/internal/asn1/Asn1EncodingException.java
M src/main/java/com/android/apksig/internal/asn1/Asn1Field.java
M src/main/java/com/android/apksig/internal/asn1/ber/BerEncoding.java
M src/test/java/com/android/apksig/internal/asn1/AllTests.java
A src/test/java/com/android/apksig/internal/asn1/Asn1DerEncoderTest.java
ap...@google.com <ap...@google.com> #19
Project: platform/tools/apksig
Branch: master
commit ca1bcedcf8aaa783aac3762e0e0a36c4f7f03298
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Jun 28 10:24:23 2017
Handle nested indefinite length BER encoding
This fixes the ASN.1 BER parser to correctly handle nested indefinite
length encoded data values. Indefinite length encoding provides no
length estimate upfront and instead terminates the value using 0x00
0x00. As a result, contructed data values (i.e., those that contain
nested data values) must be BER-parsed to establish the correct 0x00
0x00 terminator because nested data values might be indefinite length
encoded and their 0x00 0x00 terminator could be mistaken for the outer
value's terminator. Primitive values (i.e., those that are not
constructed) cannot contain nested data values and thus must not be
BER-parsed to locate 0x00 0x00.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I9991dcf766d43c2b8a5560639521ff9ad9043d61
M src/main/java/com/android/apksig/internal/asn1/ber/ByteBufferBerDataValueReader.java
M src/main/java/com/android/apksig/internal/asn1/ber/InputStreamBerDataValueReader.java
M src/test/java/com/android/apksig/internal/asn1/Asn1BerParserTest.java
M src/test/java/com/android/apksig/internal/asn1/ber/BerDataValueReaderTestBase.java
https://android-review.googlesource.com/425308
https://goto.google.com/android-sha1/ca1bcedcf8aaa783aac3762e0e0a36c4f7f03298
Branch: master
commit ca1bcedcf8aaa783aac3762e0e0a36c4f7f03298
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Jun 28 10:24:23 2017
Handle nested indefinite length BER encoding
This fixes the ASN.1 BER parser to correctly handle nested indefinite
length encoded data values. Indefinite length encoding provides no
length estimate upfront and instead terminates the value using 0x00
0x00. As a result, contructed data values (i.e., those that contain
nested data values) must be BER-parsed to establish the correct 0x00
0x00 terminator because nested data values might be indefinite length
encoded and their 0x00 0x00 terminator could be mistaken for the outer
value's terminator. Primitive values (i.e., those that are not
constructed) cannot contain nested data values and thus must not be
BER-parsed to locate 0x00 0x00.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I9991dcf766d43c2b8a5560639521ff9ad9043d61
M src/main/java/com/android/apksig/internal/asn1/ber/ByteBufferBerDataValueReader.java
M src/main/java/com/android/apksig/internal/asn1/ber/InputStreamBerDataValueReader.java
M src/test/java/com/android/apksig/internal/asn1/Asn1BerParserTest.java
M src/test/java/com/android/apksig/internal/asn1/ber/BerDataValueReaderTestBase.java
ap...@google.com <ap...@google.com> #20
Project: platform/tools/apksig
Branch: master
commit a29a14510e747335746bebf208b1f9cbff77cfbf
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jun 29 08:46:32 2017
Don't re-encode RDNs in PKCS #7 SignerIdentifier
JAR signature is a CMS PKCS #7 ContentInfo / SignedData block which
contains a bag of certificates. The signing certificate is identified
in this bag by SignerIdentifier which contains the certificate's
Issuer DN. This commit fixes a bug where the SignerIdentifier field
was constructed in a way which in some cases re-encoded the Issuer's
RDNs, for example, by switching from Utf8String to PrintableString.
This is technically permitted, but is unnecessary.
As a result of this change, golden APKs needed to be updated. The only
change in these APKs is that the SubjectIdentifier now uses the same
encoded form of Issuer as the certificate it is referencing.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I61ae97beb8bbd21ac6fdc2af3910f87687256802
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
M src/test/resources/com/android/apksig/golden-aligned-out.apk
M src/test/resources/com/android/apksig/golden-aligned-v1-out.apk
M src/test/resources/com/android/apksig/golden-aligned-v1v2-out.apk
M src/test/resources/com/android/apksig/golden-legacy-aligned-out.apk
M src/test/resources/com/android/apksig/golden-legacy-aligned-v1-out.apk
M src/test/resources/com/android/apksig/golden-legacy-aligned-v1v2-out.apk
M src/test/resources/com/android/apksig/golden-rsa-minSdkVersion-1-out.apk
M src/test/resources/com/android/apksig/golden-rsa-minSdkVersion-18-out.apk
M src/test/resources/com/android/apksig/golden-rsa-minSdkVersion-24-out.apk
M src/test/resources/com/android/apksig/golden-rsa-out.apk
M src/test/resources/com/android/apksig/golden-unaligned-out.apk
M src/test/resources/com/android/apksig/golden-unaligned-v1-out.apk
M src/test/resources/com/android/apksig/golden-unaligned-v1v2-out.apk
https://android-review.googlesource.com/426800
https://goto.google.com/android-sha1/a29a14510e747335746bebf208b1f9cbff77cfbf
Branch: master
commit a29a14510e747335746bebf208b1f9cbff77cfbf
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jun 29 08:46:32 2017
Don't re-encode RDNs in PKCS #7 SignerIdentifier
JAR signature is a CMS PKCS #7 ContentInfo / SignedData block which
contains a bag of certificates. The signing certificate is identified
in this bag by SignerIdentifier which contains the certificate's
Issuer DN. This commit fixes a bug where the SignerIdentifier field
was constructed in a way which in some cases re-encoded the Issuer's
RDNs, for example, by switching from Utf8String to PrintableString.
This is technically permitted, but is unnecessary.
As a result of this change, golden APKs needed to be updated. The only
change in these APKs is that the SubjectIdentifier now uses the same
encoded form of Issuer as the certificate it is referencing.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I61ae97beb8bbd21ac6fdc2af3910f87687256802
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
M src/test/resources/com/android/apksig/golden-aligned-out.apk
M src/test/resources/com/android/apksig/golden-aligned-v1-out.apk
M src/test/resources/com/android/apksig/golden-aligned-v1v2-out.apk
M src/test/resources/com/android/apksig/golden-legacy-aligned-out.apk
M src/test/resources/com/android/apksig/golden-legacy-aligned-v1-out.apk
M src/test/resources/com/android/apksig/golden-legacy-aligned-v1v2-out.apk
M src/test/resources/com/android/apksig/golden-rsa-minSdkVersion-1-out.apk
M src/test/resources/com/android/apksig/golden-rsa-minSdkVersion-18-out.apk
M src/test/resources/com/android/apksig/golden-rsa-minSdkVersion-24-out.apk
M src/test/resources/com/android/apksig/golden-rsa-out.apk
M src/test/resources/com/android/apksig/golden-unaligned-out.apk
M src/test/resources/com/android/apksig/golden-unaligned-v1-out.apk
M src/test/resources/com/android/apksig/golden-unaligned-v1v2-out.apk
ap...@google.com <ap...@google.com> #21
Project: platform/tools/apksig
Branch: master
commit b40d3e4821bc9cb094b0ff13153340e3a0da1b3f
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Jun 28 11:22:50 2017
Stop relying on sun.** when JAR signing
This modifies JAR signing logic to no longer use sun.** classes.
PKCS #7 ASN.1 DER encoding logic is now embedded in apksig.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: Idb2ee92b624e1147222af76a2c2cb2e0a6d9b178
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
A src/main/java/com/android/apksig/internal/pkcs7/AlgorithmIdentifier.java
A src/main/java/com/android/apksig/internal/pkcs7/Attribute.java
A src/main/java/com/android/apksig/internal/pkcs7/ContentInfo.java
A src/main/java/com/android/apksig/internal/pkcs7/EncapsulatedContentInfo.java
A src/main/java/com/android/apksig/internal/pkcs7/IssuerAndSerialNumber.java
A src/main/java/com/android/apksig/internal/pkcs7/Pkcs7Constants.java
A src/main/java/com/android/apksig/internal/pkcs7/SignedData.java
A src/main/java/com/android/apksig/internal/pkcs7/SignerIdentifier.java
A src/main/java/com/android/apksig/internal/pkcs7/SignerInfo.java
https://android-review.googlesource.com/425486
https://goto.google.com/android-sha1/b40d3e4821bc9cb094b0ff13153340e3a0da1b3f
Branch: master
commit b40d3e4821bc9cb094b0ff13153340e3a0da1b3f
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Jun 28 11:22:50 2017
Stop relying on sun.** when JAR signing
This modifies JAR signing logic to no longer use sun.** classes.
PKCS #7 ASN.1 DER encoding logic is now embedded in apksig.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: Idb2ee92b624e1147222af76a2c2cb2e0a6d9b178
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
A src/main/java/com/android/apksig/internal/pkcs7/AlgorithmIdentifier.java
A src/main/java/com/android/apksig/internal/pkcs7/Attribute.java
A src/main/java/com/android/apksig/internal/pkcs7/ContentInfo.java
A src/main/java/com/android/apksig/internal/pkcs7/EncapsulatedContentInfo.java
A src/main/java/com/android/apksig/internal/pkcs7/IssuerAndSerialNumber.java
A src/main/java/com/android/apksig/internal/pkcs7/Pkcs7Constants.java
A src/main/java/com/android/apksig/internal/pkcs7/SignedData.java
A src/main/java/com/android/apksig/internal/pkcs7/SignerIdentifier.java
A src/main/java/com/android/apksig/internal/pkcs7/SignerInfo.java
to...@google.com <to...@google.com> #22
Assigning myself as verifier so I can verify whether http://r.android.com/402735 can be reverted once this bug is closed.
ap...@google.com <ap...@google.com> #23
Project: platform/tools/apksig
Branch: master
commit 88d729840f1046c3ed04c35a3130d79fe85a19c3
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Jul 19 14:16:56 2017
Add tests for JAR sigs with signed attrs
JAR signatures can contain signed attributes. Android supports
such signatures. Test for this.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: Ia3a57cafab7ef829b90beea3924cf3c3daf4cfba
M src/test/java/com/android/apksig/ApkVerifierTest.java
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-missing-content-type.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-multiple-good-digests.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-content-type.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-digest.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-order.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-signature.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs.apk
https://android-review.googlesource.com/439479
https://goto.google.com/android-sha1/88d729840f1046c3ed04c35a3130d79fe85a19c3
Branch: master
commit 88d729840f1046c3ed04c35a3130d79fe85a19c3
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Jul 19 14:16:56 2017
Add tests for JAR sigs with signed attrs
JAR signatures can contain signed attributes. Android supports
such signatures. Test for this.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: Ia3a57cafab7ef829b90beea3924cf3c3daf4cfba
M src/test/java/com/android/apksig/ApkVerifierTest.java
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-missing-content-type.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-multiple-good-digests.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-content-type.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-digest.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-order.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-wrong-signature.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs.apk
ap...@google.com <ap...@google.com> #24
Project: platform/tools/apksig
Branch: master
commit 9a435f125fd654c7c3ec815111f18988478cdc40
Author: Alex Klyubin <klyubin@google.com>
Date: Mon Jul 24 17:31:31 2017
Stop relying on sun.** when verifying JAR sigs
This modifies JAR signature verification logic to no longer directly
use sun.** classes. PKCS #7 ASN.1 BER parsing and signature
verification logic is now embedded in the apksig library.
This commit also removes compile-time workarounds for apksig's use of
sun.** classes from Android.mk.
Test: bazel test ...
Test: gradlew test
Test: Edited build/make/core/java_common.mk line 22 to say
LOCAL_JAVA_LANGUAGE_VERSION := 1.9
and then ran "make apksig"
Test: export EXPERIMENTAL_USE_OPENJDK9=target8
left LOCAL_JAVA_LANGUAGE_VERSION at 1.8, and then
ran "make apksig"
Bug: 37137869
Change-Id: I4688f0ef0fc48653376b007b28a6a56aec21bb09
M Android.mk
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
M src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java
M src/main/java/com/android/apksig/internal/asn1/Asn1BerParser.java
M src/main/java/com/android/apksig/internal/pkcs7/Pkcs7Constants.java
A src/main/java/com/android/apksig/internal/pkcs7/Pkcs7DecodingException.java
M src/main/java/com/android/apksig/internal/pkcs7/SignerInfo.java
A src/main/java/com/android/apksig/internal/util/GuaranteedEncodedFormX509Certificate.java
M src/test/java/com/android/apksig/ApkVerifierTest.java
https://android-review.googlesource.com/442763
https://goto.google.com/android-sha1/9a435f125fd654c7c3ec815111f18988478cdc40
Branch: master
commit 9a435f125fd654c7c3ec815111f18988478cdc40
Author: Alex Klyubin <klyubin@google.com>
Date: Mon Jul 24 17:31:31 2017
Stop relying on sun.** when verifying JAR sigs
This modifies JAR signature verification logic to no longer directly
use sun.** classes. PKCS #7 ASN.1 BER parsing and signature
verification logic is now embedded in the apksig library.
This commit also removes compile-time workarounds for apksig's use of
sun.** classes from Android.mk.
Test: bazel test ...
Test: gradlew test
Test: Edited build/make/core/
LOCAL_JAVA_LANGUAGE_VERSION := 1.9
and then ran "make apksig"
Test: export EXPERIMENTAL_USE_OPENJDK9=target8
left LOCAL_JAVA_LANGUAGE_VERSION at 1.8, and then
ran "make apksig"
Bug: 37137869
Change-Id: I4688f0ef0fc48653376b007b28a6a56aec21bb09
M Android.mk
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
M src/main/java/com/android/apksig/internal/apk/v2/V2SchemeVerifier.java
M src/main/java/com/android/apksig/internal/asn1/Asn1BerParser.java
M src/main/java/com/android/apksig/internal/pkcs7/Pkcs7Constants.java
A src/main/java/com/android/apksig/internal/pkcs7/Pkcs7DecodingException.java
M src/main/java/com/android/apksig/internal/pkcs7/SignerInfo.java
A src/main/java/com/android/apksig/internal/util/GuaranteedEncodedFormX509Certificate.java
M src/test/java/com/android/apksig/ApkVerifierTest.java
ap...@google.com <ap...@google.com> #25
Project: platform/tools/apksig
Branch: master
commit 381588709b97405a29a0a87eb970ff8dd366e14f
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jul 20 11:45:35 2017
Tweaks in handling of JAR signed attributes
APK's JAR signature may contain signed attributes. There are
differences in behavior between pre-N and N+ Android Package Manager
wrt how signed attributes are handled. Prior to commit
9a435f125fd654c7c3ec815111f18988478cdc40 it was not possible to
fully reflect these differences and reflecting them in that commit
would've been too much of a change. Thus, this commit is a follow up
which adds tests for the differences in behavior and adjusts JAR
signature verifier where necessary:
* APKs with signed attributes are broken/unsafe pre-KitKat and are
thus rejected,
* Content type in signed attributes is ignored in pre-N, and
* Mismatch between digest in signed attributes and digest of .SF file
fails verification of the whole signing block, even if the block
contains SignerInfos which verify.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I94f07c17b83f626fff6d1cf2ecc0a20f39855921
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
M src/main/java/com/android/apksig/internal/util/AndroidSdkVersion.java
M src/test/java/com/android/apksig/ApkVerifierTest.java
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-missing-digest.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-good-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-missing-content-type-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-missing-digest-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-multiple-good-digests-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-content-type-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-digest-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-order-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-signature-signerInfo2-good.apk
https://android-review.googlesource.com/450344
https://goto.google.com/android-sha1/381588709b97405a29a0a87eb970ff8dd366e14f
Branch: master
commit 381588709b97405a29a0a87eb970ff8dd366e14f
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jul 20 11:45:35 2017
Tweaks in handling of JAR signed attributes
APK's JAR signature may contain signed attributes. There are
differences in behavior between pre-N and N+ Android Package Manager
wrt how signed attributes are handled. Prior to commit
9a435f125fd654c7c3ec815111f18988478cdc40 it was not possible to
fully reflect these differences and reflecting them in that commit
would've been too much of a change. Thus, this commit is a follow up
which adds tests for the differences in behavior and adjusts JAR
signature verifier where necessary:
* APKs with signed attributes are broken/unsafe pre-KitKat and are
thus rejected,
* Content type in signed attributes is ignored in pre-N, and
* Mismatch between digest in signed attributes and digest of .SF file
fails verification of the whole signing block, even if the block
contains SignerInfos which verify.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I94f07c17b83f626fff6d1cf2ecc0a20f39855921
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
M src/main/java/com/android/apksig/internal/util/AndroidSdkVersion.java
M src/test/java/com/android/apksig/ApkVerifierTest.java
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-missing-digest.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-good-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-missing-content-type-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-missing-digest-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-multiple-good-digests-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-content-type-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-digest-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-order-signerInfo2-good.apk
A src/test/resources/com/android/apksig/v1-only-with-signed-attrs-signerInfo1-wrong-signature-signerInfo2-good.apk
ap...@google.com <ap...@google.com> #26
Project: platform/tools/apksig
Branch: master
commit 76d14b580f08fc3f84aaf3ebabdb7197bfbfcb2b
Author: Alex Klyubin <klyubin@google.com>
Date: Tue Jul 25 13:38:52 2017
Add --pass-encoding parameter to apksigner
When keytool creates a KeyStore or key which is protected with a
password containing non-ASCII characters, keytool may encode the
password using the console's encoding or the JVM default encoding
instead of using the password verbatim, in its Unicode form. In
apksigner 0.5 support was added to handle this issue by having
apksigner try several variants of the password: verbatim/Unicode,
encoded using console encoding, and encoded using JVM default
encoding. Unfortunatly, there is no public API to obtain the
console's encoding. apksigner 0.5 cheated by accessing
Console.encoding field via Reflection API. This is no longer
advisable in Java 9 because access to such private API is brittle
and now leads to JVM warnings spewing on the standard output.
To make apksigner compatible with Java 9, apksigner's behavior is
being changed by this commit. apksigner no longer attempts to detect
console encoding on Java 9. Those users which use non-ASCII password
keystores/keys created by keytool in environments where console
encoding is not the same as the JVM default encoding, such as English
Windows where console encoding is ibm437 and JVM default encoding is
windows-1252, will need to pass in the new --pass-encoding <encoding>
parameter (e.g., --pass-encoding ibm437) to tell apksigner to try
a password variant encoded using that encoding, in addition to trying
the Unicode and JVM default encoding variants of the password.
The --pass-encoding parameter enables apksigner to work with non-ASCII
password keystores/keys created on different OSes and/or in other
locales than the one in which apksigner is running. For example, this
enables apksigner on OSX and Linux (where the console and JVM default
encoding is UTF-8) to use a non-ASCII password keystore created by
keytool on English Windows, where the resulting password is encoded
using the ibm437 or windows-1252 encoding.
Test: Use keytool to create two JKS keystores protected using password
"ab¡äю1" (one where the password is read from the console, the
other where the password is provided on the command-line). Use
apksigner to sign an APK using these keystores, using Java 8 and
Java 9 (revision 181), providing the password via all four
methods supported by apksigner. Do this on Windows 10 (IBM437
console encoding, windows 1252 file/JVM default encoding, OSX
(UTF-8), and Linux (UTF-8).
Bug: 37135737
Bug: 37137869
Change-Id: Ia6fb0706e4bb3f0fd968373d113d457e8c6260c8
M src/apksigner/java/com/android/apksigner/ApkSignerTool.java
M src/apksigner/java/com/android/apksigner/PasswordRetriever.java
M src/apksigner/java/com/android/apksigner/help_sign.txt
https://android-review.googlesource.com/454516
https://goto.google.com/android-sha1/76d14b580f08fc3f84aaf3ebabdb7197bfbfcb2b
Branch: master
commit 76d14b580f08fc3f84aaf3ebabdb7197bfbfcb2b
Author: Alex Klyubin <klyubin@google.com>
Date: Tue Jul 25 13:38:52 2017
Add --pass-encoding parameter to apksigner
When keytool creates a KeyStore or key which is protected with a
password containing non-ASCII characters, keytool may encode the
password using the console's encoding or the JVM default encoding
instead of using the password verbatim, in its Unicode form. In
apksigner 0.5 support was added to handle this issue by having
apksigner try several variants of the password: verbatim/Unicode,
encoded using console encoding, and encoded using JVM default
encoding. Unfortunatly, there is no public API to obtain the
console's encoding. apksigner 0.5 cheated by accessing
Console.encoding field via Reflection API. This is no longer
advisable in Java 9 because access to such private API is brittle
and now leads to JVM warnings spewing on the standard output.
To make apksigner compatible with Java 9, apksigner's behavior is
being changed by this commit. apksigner no longer attempts to detect
console encoding on Java 9. Those users which use non-ASCII password
keystores/keys created by keytool in environments where console
encoding is not the same as the JVM default encoding, such as English
Windows where console encoding is ibm437 and JVM default encoding is
windows-1252, will need to pass in the new --pass-encoding <encoding>
parameter (e.g., --pass-encoding ibm437) to tell apksigner to try
a password variant encoded using that encoding, in addition to trying
the Unicode and JVM default encoding variants of the password.
The --pass-encoding parameter enables apksigner to work with non-ASCII
password keystores/keys created on different OSes and/or in other
locales than the one in which apksigner is running. For example, this
enables apksigner on OSX and Linux (where the console and JVM default
encoding is UTF-8) to use a non-ASCII password keystore created by
keytool on English Windows, where the resulting password is encoded
using the ibm437 or windows-1252 encoding.
Test: Use keytool to create two JKS keystores protected using password
"ab¡äю1" (one where the password is read from the console, the
other where the password is provided on the command-line). Use
apksigner to sign an APK using these keystores, using Java 8 and
Java 9 (revision 181), providing the password via all four
methods supported by apksigner. Do this on Windows 10 (IBM437
console encoding, windows 1252 file/JVM default encoding, OSX
(UTF-8), and Linux (UTF-8).
Bug: 37135737
Bug: 37137869
Change-Id: Ia6fb0706e4bb3f0fd968373d113d457e8c6260c8
M src/apksigner/java/com/android/apksigner/ApkSignerTool.java
M src/apksigner/java/com/android/apksigner/PasswordRetriever.java
M src/apksigner/java/com/android/apksigner/help_sign.txt
ap...@google.com <ap...@google.com> #27
Project: platform/tools/apksig
Branch: master
commit d0293c0891d9a945818b72123519455d3d374dd4
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Aug 09 12:44:30 2017
Add missing final keyword
Two constants introduced in commit
9a435f125fd654c7c3ec815111f18988478cdc40 are missing the "final"
keyword. This commit fixes this typo.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I9a1011b16dfc60aabe494df073f532f17d63e9e5
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
https://android-review.googlesource.com/455456
https://goto.google.com/android-sha1/d0293c0891d9a945818b72123519455d3d374dd4
Branch: master
commit d0293c0891d9a945818b72123519455d3d374dd4
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Aug 09 12:44:30 2017
Add missing final keyword
Two constants introduced in commit
9a435f125fd654c7c3ec815111f18988478cdc40 are missing the "final"
keyword. This commit fixes this typo.
Test: bazel test ...
Test: gradlew test
Bug: 37137869
Change-Id: I9a1011b16dfc60aabe494df073f532f17d63e9e5
M src/main/java/com/android/apksig/internal/apk/v1/V1SchemeVerifier.java
ap...@google.com <ap...@google.com> #28
Project: platform/tools/apksig
Branch: master
commit 41ca1d3f507de47becdf57f0713f5deab93c645e
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Aug 09 09:30:22 2017
Bump apksigner version to 0.8
Changes since 0.7:
* Java 9 support: apksig and apksigner compile and run on Java 9
* User-friendlier error when unsupported digest or signature
algorithm in JAR signature
* New --pass-encoding parameter to deal with KeyStores and keys
encrypted using non-ASCII passwords. Existing setups with apksigner
and non-ASCII password KeyStores/keys may need to start using this
parameter after the switch to Java 9. See 'apksigner sign' help page
for more information.
* RDNs in PKCS #7 SignerIdentifier are no longer re-encoded (e.g.,
from Utf8String to PrintableString). Instead, the referenced X.509
certificate's Issuer DN is used verbatim.
Test: apksigner version
Bug: 37135737
Bug: 37137869
Bug: 63525618
Change-Id: I4a4f9639a3c1c08b8c89b076e4bed5be6680b79a
M src/apksigner/java/com/android/apksigner/ApkSignerTool.java
https://android-review.googlesource.com/455217
https://goto.google.com/android-sha1/41ca1d3f507de47becdf57f0713f5deab93c645e
Branch: master
commit 41ca1d3f507de47becdf57f0713f5deab93c645e
Author: Alex Klyubin <klyubin@google.com>
Date: Wed Aug 09 09:30:22 2017
Bump apksigner version to 0.8
Changes since 0.7:
* Java 9 support: apksig and apksigner compile and run on Java 9
* User-friendlier error when unsupported digest or signature
algorithm in JAR signature
* New --pass-encoding parameter to deal with KeyStores and keys
encrypted using non-ASCII passwords. Existing setups with apksigner
and non-ASCII password KeyStores/keys may need to start using this
parameter after the switch to Java 9. See 'apksigner sign' help page
for more information.
* RDNs in PKCS #7 SignerIdentifier are no longer re-encoded (e.g.,
from Utf8String to PrintableString). Instead, the referenced X.509
certificate's Issuer DN is used verbatim.
Test: apksigner version
Bug: 37135737
Bug: 37137869
Bug: 63525618
Change-Id: I4a4f9639a3c1c08b8c89b076e4bed5be6680b79a
M src/apksigner/java/com/android/apksigner/ApkSignerTool.java
ap...@google.com <ap...@google.com> #29
Project: platform/build
Branch: master
commit 4012e648eab5bfd2d401f2a58977d2e88dcdb884
Author: Alex Klyubin <klyubin@google.com>
Date: Fri Jun 30 09:23:42 2017
Revert "Let signapk access internal APIs under OpenJDK 9 toolchain"
This reverts commit 9cc3c76abd9c8fa159616883e06526d56b5136e5 which
added command-line parameters to the invocation of SignApk to permit
it to access sun.** classes which are not accessible by default in
Java 9. This hack is no longer needed because SignApk no longer needs
this access because of tools/apksig commit
b40d3e4821bc9cb094b0ff13153340e3a0da1b3f which switched APK JAR
signature generation logic away from directly using sun.** classes.
Test: find out -name CtsPkgInstallTinyApp* | xargs rm -Rf
mmma -j74 cts/hostsidetests/appsecurity/test-apps/tinyapp
Test: find out -name CtsPkgInstallTinyApp* | xargs rm -Rf
EXPERIMENTAL_USE_OPENJDK9=target1.8 \
OVERRIDE_ANDROID_JAVA_HOME=<path to Java 9 SDK> \
PATH=${OVERRIDE_ANDROID_JAVA_HOME}/bin:${PATH} \
mmma -j74 cts/hostsidetests/appsecurity/test-apps/tinyapp
Bug: 37137869
Change-Id: I389c366f8a5bed56c496293bc871458adbedb0e8
M core/definitions.mk
https://android-review.googlesource.com/427700
https://goto.google.com/android-sha1/4012e648eab5bfd2d401f2a58977d2e88dcdb884
Branch: master
commit 4012e648eab5bfd2d401f2a58977d2e88dcdb884
Author: Alex Klyubin <klyubin@google.com>
Date: Fri Jun 30 09:23:42 2017
Revert "Let signapk access internal APIs under OpenJDK 9 toolchain"
This reverts commit 9cc3c76abd9c8fa159616883e06526d56b5136e5 which
added command-line parameters to the invocation of SignApk to permit
it to access sun.** classes which are not accessible by default in
Java 9. This hack is no longer needed because SignApk no longer needs
this access because of tools/apksig commit
b40d3e4821bc9cb094b0ff13153340e3a0da1b3f which switched APK JAR
signature generation logic away from directly using sun.** classes.
Test: find out -name CtsPkgInstallTinyApp* | xargs rm -Rf
mmma -j74 cts/hostsidetests/appsecurity/test-apps/tinyapp
Test: find out -name CtsPkgInstallTinyApp* | xargs rm -Rf
EXPERIMENTAL_USE_OPENJDK9=target1.8 \
OVERRIDE_ANDROID_JAVA_HOME=<path to Java 9 SDK> \
PATH=${OVERRIDE_ANDROID_JAVA_HOME}/bin:${PATH} \
mmma -j74 cts/hostsidetests/appsecurity/test-apps/tinyapp
Bug: 37137869
Change-Id: I389c366f8a5bed56c496293bc871458adbedb0e8
M core/
kl...@google.com <kl...@google.com> #30
All the changes have been made. We're now waiting for apksigner version 0.8 to be released in Android SDK Build Tools. Similarly, we're waiting for apksig library changes to be released on jCenter.
kl...@google.com <kl...@google.com> #31
apksigner 0.8 which was released in Android SDK Build Tools 26.0.2 is Java 9 compatible.
kl...@google.com <kl...@google.com> #32
We're still waiting for apksig library release on jCenter (https://bintray.com/android/android-tools/com.android.tools.build.apksig ). This is normally released whenever Android Plugin for Gradle is released.
kl...@google.com <kl...@google.com>
su...@insightauctions.org <su...@insightauctions.org> #33
So what do you guys think?
kl...@google.com <kl...@google.com> #34
About what?
kl...@google.com <kl...@google.com> #35
The changes in apksig library have been publicly released as apksig 3.0.0 in https://maven.google.com . Apparently, Android Plugin for Gradle (and thus apksig) are now released via this repository instead of via jCenter.
Description
Exception in thread "main" java.lang.IllegalAccessError: class com.android.apksig.internal.apk.v1.V1SchemeVerifier$Signer (in unnamed module @0x7921b0a2) cannot access class sun.security.pkcs.PKCS7 (in module java.base) because module java.base does not export sun.security.pkcs to unnamed module @0x7921b0a2
at com.android.apksig.internal.apk.v1.V1SchemeVerifier$Signer.verifySigBlockAgainstSigFile(V1SchemeVerifier.java:416)
at com.android.apksig.internal.apk.v1.V1SchemeVerifier$Signers.verify(V1SchemeVerifier.java:254)
at com.android.apksig.internal.apk.v1.V1SchemeVerifier$Signers.access$100(V1SchemeVerifier.java:141)
at com.android.apksig.internal.apk.v1.V1SchemeVerifier.verify(V1SchemeVerifier.java:101)
at com.android.apksig.ApkVerifier.verify(ApkVerifier.java:166)
at com.android.apksig.ApkVerifier.verify(ApkVerifier.java:103)
at com.android.apksigner.ApkSignerTool.verify(ApkSignerTool.java:374)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:96)