apksigner unable to handle aliases that begin with less than four characters followed by a space on Windows [38132450]

Fixed

Bug

Status Update

No update yet.

Description

[Deleted User]

created issue #1

May 8, 2017 09:15PM

On Windows, apksigner says that unexpected characters were present if the alias name begins with less than four characters followed by a space (e.g. "bug apksigner test"). This is a valid alias name, but apksigner seems to have difficulty parsing it on Windows. This issue does not happen on the Linux version of apksigner.

Below is a contrived example to demonstrate the issue, as well as the working version on a Linux system. Since the keystore and APK passed in do not exist, the expected result is a FileNotFoundException. This was chosen to remove any possibility of malformed files interfering with the result, but the issue was first observed with a real keystore and APK.

***Windows Server 2008 R2***

C:\>java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

C:\>"C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3\apksigner" --version

0.5

C:\>"C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3\apksigner" sign --ks "nonexistent.jks" --ks-pass pass:123123 --ks-key-alias "bug apksigner test" nonexistent.apk

a was unexpected at this time.

C:\>"C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3\apksigner" sign --ks "nonexistent.jks" --ks-pass pass:123123 --ks-key-alias "b apksigner test" nonexistent.apk

apk was unexpected at this time.

C:\>"C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3\apksigner" sign --ks "nonexistent.jks" --ks-pass pass:123123 --ks-key-alias "bugr apksigner test" nonexistent.apk

Failed to load signer "signer #1"
java.io.FileNotFoundException: nonexistent.jks (The system cannot find the file specified)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at com.android.apksigner.ApkSignerTool$SignerParams.loadKeyStoreFromFile(ApkSignerTool.java:733)
at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCertsFromKeyStore(ApkSignerTool.java:636)
at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCerts(ApkSignerTool.java:580)
at com.android.apksigner.ApkSignerTool$SignerParams.access$200(ApkSignerTool.java:534)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:229)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:87)

***Ubuntu 16.04***

> java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

> /opt/android-sdk/build-tools/25.0.3/apksigner --version

0.5

> /opt/android-sdk/build-tools/25.0.3/apksigner sign --ks "nonexistent.jks" --ks-pass pass:123123 --ks-key-alias "bug apksigner test" nonexistent.apk

Failed to load signer "signer #1"
java.io.FileNotFoundException: nonexistent.jks (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at com.android.apksigner.ApkSignerTool$SignerParams.loadKeyStoreFromFile(ApkSignerTool.java:733)
at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCertsFromKeyStore(ApkSignerTool.java:636)
at com.android.apksigner.ApkSignerTool$SignerParams.loadPrivateKeyAndCerts(ApkSignerTool.java:580)
at com.android.apksigner.ApkSignerTool$SignerParams.access$200(ApkSignerTool.java:534)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:229)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:87)

Comments

en...@google.com <en...@google.com> May 10, 2017 06:20PM

Assigned to kl...@google.com.

kl...@google.com <kl...@google.com> #2May 11, 2017 12:02AM

Accepted by kl...@google.com.

Thank you very much for reporting this issue, Jack. Looks like the issue is caused by somewhat unnecessary and contrived logic in apksigner.bat, which is special-casing -J* parameters. Unfortunately, this logic doesn't handle whitespace containing parameters, even those which aren't -J*.

I've uploaded a tentative fix

https://android-review.googlesource.com/#/c/394238/ for review. The patched apksigner.bat is attached. This fixes the issue on my Windows 10 box.

Jack, please test the fix in your environment and let us know whether it works for you too.

apksigner.bat

2.7 KB

Download

[Deleted User] <[Deleted User]> #3May 11, 2017 05:41PM

Confirmed, that fix works. Thank you for the quick turn-around on this.

ap...@google.com <ap...@google.com> #4May 22, 2017 07:54PM

Project: platform/tools/apksig
Branch: master

commit b293b2087837853e32a1cff008d58644dbbd4cc2
Author: Alex Klyubin <klyubin@google.com>
Date: Wed May 10 16:53:25 2017

Handle whitespace when removing -J* parameters in .bat

apksigner.bat contains special logic for -J* parameters. This logic
was not designed to handle parameters containing whitespace. This
commit fixes the issue. It is unclear whether this -J* logic is even
needed. So, if it keeps breaking stuff, we should probably simply
remove it.

Test: apksigner sign --ks "nonexistent.jks" --ks-pass pass:123123 --ks-key-alias "bug apksigner test" nonexistent.apk
Fails with FileNotFoundException instead of "a was unexpected at this time"
Bug: 38132450

Change-Id: Ice3294e9993b075533c77d94eb870cfd35a65bbc

M etc/apksigner.bat

https://android-review.googlesource.com/394238

https://goto.google.com/android-sha1/b293b2087837853e32a1cff008d58644dbbd4cc2

ap...@google.com <ap...@google.com> #5Jun 22, 2017 06:56PM

Project: platform/tools/apksig
Branch: master

commit 0f88b97634034673f062a8ac6c3dab7d3d9befe3
Author: Alex Klyubin <klyubin@google.com>
Date: Thu Jun 22 09:43:22 2017

Bump apksigner version to 0.7

Changes since 0.6:
* Fixed a bug in whitespace handling in command-line parameters in
apksigner.bat.

https://issuetracker.google.com/issues/38132450
* Fixed a bug in JAR signature verification when multiple digests
are present for the same named entry in MANIFEST.MF.

https://issuetracker.google.com/issues/38497270
* Honor android:targetSandboxVersion (introduced in Android O) when
verifying APKs. When android:targetSandboxVersion is set to 2 or
higher, the APK is required to be signed with APK Signature Scheme
v2.
* When signing, reject APKs with CR, LF or NUL in ZIP entry names.
Such names are not permitted by the JAR siging spec and are also
rejected by Android Package Manager.

Test: apksigner version
Bug: 38132450
Bug: 38497270
Bug: 36426653
Bug: 62211230
Change-Id: Ifa120b0e43b458c99c3da6fde1136e0cbb92caee

M src/apksigner/java/com/android/apksigner/ApkSignerTool.java

https://android-review.googlesource.com/420784

https://goto.google.com/android-sha1/0f88b97634034673f062a8ac6c3dab7d3d9befe3

kl...@google.com <kl...@google.com> #6Jul 25, 2017 07:34PM

Marked as fixed.

The fix has been released in apksigner 0.7, released as part of Android SDK Build Tools 26.0.1.

Issue 38132450