Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 087cf41e authored by Yurii Zubrytskyi's avatar Yurii Zubrytskyi Committed by Alex Buynytskyy
Browse files

[framework] Extract v3 digest for v4 checking correctly 

Use the same ordering of digest algorithms as the apksigner and
the general v3 checking do.

Test: adb install --incremental <apk> with v4 signature
Bug: b/151241461
Change-Id: I5c4c8339d7fd2ba127bd0f453efc9c04a8be7ac7
parent 4af7ee3e

core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java

+14 −5
Original line number Diff line number Diff line
@@ -213,15 +213,24 @@ public class ApkSignatureSchemeV3Verifier { 
                    verityDigest, apk.length(), signatureInfo);

        }



        if (contentDigests.containsKey(CONTENT_DIGEST_CHUNKED_SHA512)) {

            result.digest = contentDigests.get(CONTENT_DIGEST_CHUNKED_SHA512);

        } else if (contentDigests.containsKey(CONTENT_DIGEST_CHUNKED_SHA256)) {

            result.digest = contentDigests.get(CONTENT_DIGEST_CHUNKED_SHA256);

        }

        result.digest = pickBestV3DigestForV4(contentDigests);



        return result;

    }



    // Keep in sync with pickBestV3DigestForV4 in apksigner.V3SchemeVerifier.

    private static byte[] pickBestV3DigestForV4(Map<Integer, byte[]> contentDigests) {

        final int[] orderedContentDigestTypes =

                {CONTENT_DIGEST_CHUNKED_SHA512, CONTENT_DIGEST_VERITY_CHUNKED_SHA256,

                        CONTENT_DIGEST_CHUNKED_SHA256};

        for (int contentDigestType : orderedContentDigestTypes) {

            if (contentDigests.containsKey(contentDigestType)) {

                return contentDigests.get(contentDigestType);

            }

        }

        return null;

    }



    private static VerifiedSigner verifySigner(

            ByteBuffer signerBlock,

            Map<Integer, byte[]> contentDigests,