Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1bc76ef0 authored by Alex Buynytskyy's avatar Alex Buynytskyy
Browse files

Refactor to use SigningDetails instead of Singature[]. 

A preparation for adding sha256 digest to SigningDetails.
This is almost a no-op. There is a minor change in V1 parsing.

Bug: 297916136
Test: presubmit
Change-Id: I105457da082572830eae650af7aacbcd41541966
parent 35a14dbe

core/java/android/content/pm/PackageParser.java

+6 −5
Original line number Diff line number Diff line
@@ -1445,7 +1445,7 @@ public class PackageParser { 
                    verified.getPublicKeys(),

                    verified.getPastSigningCertificates());

        } else {

            if (!Signature.areExactMatch(pkg.mSigningDetails.signatures,

            if (!Signature.areExactArraysMatch(pkg.mSigningDetails.signatures,

                    verified.getSignatures())) {

                throw new PackageParserException(

                        INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,
@@ -6468,7 +6468,7 @@ public class PackageParser { 
                    }

                }

            } else {

                return Signature.areEffectiveMatch(oldDetails.signatures, signatures);

                return Signature.areEffectiveArraysMatch(oldDetails.signatures, signatures);

            }

            return false;

        }
@@ -6616,7 +6616,7 @@ public class PackageParser { 


        /** Returns true if the signatures in this and other match exactly. */

        public boolean signaturesMatchExactly(SigningDetails other) {

            return Signature.areExactMatch(this.signatures, other.signatures);

            return Signature.areExactArraysMatch(this.signatures, other.signatures);

        }



        @Override
@@ -6668,7 +6668,7 @@ public class PackageParser { 
            SigningDetails that = (SigningDetails) o;



            if (signatureSchemeVersion != that.signatureSchemeVersion) return false;

            if (!Signature.areExactMatch(signatures, that.signatures)) return false;

            if (!Signature.areExactArraysMatch(signatures, that.signatures)) return false;

            if (publicKeys != null) {

                if (!publicKeys.equals((that.publicKeys))) {

                    return false;
@@ -6677,7 +6677,8 @@ public class PackageParser { 
                return false;

            }



            // can't use Signature.areExactMatch() because order matters with the past signing certs

            // can't use Signature.areExactArraysMatch() because order matters with the past

            // signing certs

            if (!Arrays.equals(pastSigningCertificates, that.pastSigningCertificates)) {

                return false;

            }

core/java/android/content/pm/Signature.java

+25 −4
Original line number Diff line number Diff line
@@ -306,12 +306,28 @@ public class Signature implements Parcelable { 
        mSignature = source.createByteArray();

    }



    /**

     * Test if given {@link SigningDetails} are exactly equal.

     * @hide

     */

    public static boolean areExactMatch(SigningDetails ad, SigningDetails bd) {

        return areExactArraysMatch(ad.getSignatures(), bd.getSignatures());

    }



    /**

     * Test if given {@link SigningDetails} and {@link Signature} set are exactly equal.

     * @hide

     */

    public static boolean areExactMatch(SigningDetails ad, Signature[] b) {

        return areExactArraysMatch(ad.getSignatures(), b);

    }





    /**

     * Test if given {@link Signature} sets are exactly equal.

     *

     * @hide

     */

    public static boolean areExactMatch(Signature[] a, Signature[] b) {

    static boolean areExactArraysMatch(Signature[] a, Signature[] b) {

        return (ArrayUtils.size(a) == ArrayUtils.size(b)) && ArrayUtils.containsAll(a, b)

                && ArrayUtils.containsAll(b, a);

    }
@@ -329,7 +345,12 @@ public class Signature implements Parcelable { 
     *             substantially, usually a signal of something fishy going on.

     * @hide

     */

    public static boolean areEffectiveMatch(Signature[] a, Signature[] b)

    public static boolean areEffectiveMatch(SigningDetails a, SigningDetails b)

            throws CertificateException {

        return areEffectiveArraysMatch(a.getSignatures(), b.getSignatures());

    }



    static boolean areEffectiveArraysMatch(Signature[] a, Signature[] b)

            throws CertificateException {

        final CertificateFactory cf = CertificateFactory.getInstance("X.509");
@@ -342,7 +363,7 @@ public class Signature implements Parcelable { 
            bPrime[i] = bounce(cf, b[i]);

        }



        return areExactMatch(aPrime, bPrime);

        return areExactArraysMatch(aPrime, bPrime);

    }



    /**

core/java/android/content/pm/SigningDetails.java

+3 −3
Original line number Diff line number Diff line
@@ -656,7 +656,7 @@ public final class SigningDetails implements Parcelable { 
                }

            }

        } else {

            return Signature.areEffectiveMatch(oldDetails.mSignatures, mSignatures);

            return Signature.areEffectiveMatch(oldDetails, this);

        }

        return false;

    }
@@ -800,7 +800,7 @@ public final class SigningDetails implements Parcelable { 


    /** Returns true if the signatures in this and other match exactly. */

    public boolean signaturesMatchExactly(@NonNull SigningDetails other) {

        return Signature.areExactMatch(mSignatures, other.mSignatures);

        return Signature.areExactMatch(this, other);

    }



    @Override
@@ -853,7 +853,7 @@ public final class SigningDetails implements Parcelable { 
        final SigningDetails that = (SigningDetails) o;



        if (mSignatureSchemeVersion != that.mSignatureSchemeVersion) return false;

        if (!Signature.areExactMatch(mSignatures, that.mSignatures)) return false;

        if (!Signature.areExactMatch(this, that)) return false;

        if (mPublicKeys != null) {

            if (!mPublicKeys.equals((that.mPublicKeys))) {

                return false;

core/java/android/content/pm/parsing/FrameworkParsingPackageUtils.java

+2 −2
Original line number Diff line number Diff line
@@ -253,8 +253,8 @@ public class FrameworkParsingPackageUtils { 
        if (existingSigningDetails == SigningDetails.UNKNOWN) {

            return verified;

        } else {

            if (!Signature.areExactMatch(existingSigningDetails.getSignatures(),

                    verified.getResult().getSignatures())) {

            if (!Signature.areExactMatch(existingSigningDetails,

                    verified.getResult())) {

                return input.error(INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,

                        baseCodePath + " has mismatched certificates");

            }

core/java/android/util/apk/ApkSignatureVerifier.java

+2 −1
Original line number Diff line number Diff line
@@ -48,6 +48,7 @@ import java.security.NoSuchAlgorithmException; 
import java.security.cert.Certificate;

import java.security.cert.CertificateEncodingException;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.Iterator;

import java.util.List;

import java.util.Map;
@@ -428,7 +429,7 @@ public class ApkSignatureVerifier { 


                    // make sure all entries use the same signing certs

                    final Signature[] entrySigs = convertToSignatures(entryCerts);

                    if (!Signature.areExactMatch(lastSigs, entrySigs)) {

                    if (!Arrays.equals(lastSigs, entrySigs)) {

                        return input.error(

                                INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES,

                                "Package " + apkPath + " has mismatched certificates at entry "