Loading core/java/android/util/jar/StrictJarVerifier.java +14 −8 Original line number Diff line number Diff line Loading @@ -17,7 +17,7 @@ package android.util.jar; import java.io.ByteArrayInputStream; import android.util.apk.ApkSignatureSchemeV2Verifier; import java.io.IOException; import java.io.OutputStream; import java.nio.charset.StandardCharsets; Loading @@ -33,13 +33,9 @@ import java.util.Iterator; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.Set; import java.util.StringTokenizer; import java.util.jar.Attributes; import java.util.jar.JarFile; import android.util.ArraySet; import android.util.apk.ApkSignatureSchemeV2Verifier; import libcore.io.Base64; import sun.security.jca.Providers; import sun.security.pkcs.PKCS7; import sun.security.pkcs.SignerInfo; Loading Loading @@ -139,7 +135,7 @@ class StrictJarVerifier { */ void verify() { byte[] d = digest.digest(); if (!MessageDigest.isEqual(d, Base64.decode(hash))) { if (!verifyMessageDigest(d, hash)) { throw invalidDigest(JarFile.MANIFEST_NAME, name, name); } verifiedEntries.put(name, certChains); Loading Loading @@ -490,12 +486,22 @@ class StrictJarVerifier { md.update(data, start, end - start); } byte[] b = md.digest(); byte[] hashBytes = hash.getBytes(StandardCharsets.ISO_8859_1); return MessageDigest.isEqual(b, Base64.decode(hashBytes)); byte[] encodedHashBytes = hash.getBytes(StandardCharsets.ISO_8859_1); return verifyMessageDigest(b, encodedHashBytes); } return ignorable; } private static boolean verifyMessageDigest(byte[] expected, byte[] encodedActual) { byte[] actual; try { actual = java.util.Base64.getDecoder().decode(encodedActual); } catch (IllegalArgumentException e) { return false; } return MessageDigest.isEqual(expected, actual); } /** * Returns all of the {@link java.security.cert.Certificate} chains that * were used to verify the signature on the JAR entry called Loading services/core/java/com/android/server/pm/ShortcutPackageInfo.java +6 −3 Original line number Diff line number Diff line Loading @@ -21,7 +21,6 @@ import android.util.Slog; import com.android.server.backup.BackupUtils; import libcore.io.Base64; import libcore.util.HexEncoding; import org.xmlpull.v1.XmlPullParser; Loading @@ -31,6 +30,7 @@ import org.xmlpull.v1.XmlSerializer; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; import java.util.Base64; /** * Package information used by {@link android.content.pm.ShortcutManager} for backup / restore. Loading Loading @@ -143,7 +143,8 @@ class ShortcutPackageInfo { for (int i = 0; i < mSigHashes.size(); i++) { out.startTag(null, TAG_SIGNATURE); ShortcutService.writeAttr(out, ATTR_SIGNATURE_HASH, Base64.encode(mSigHashes.get(i))); final String encoded = Base64.getEncoder().encodeToString(mSigHashes.get(i)); ShortcutService.writeAttr(out, ATTR_SIGNATURE_HASH, encoded); out.endTag(null, TAG_SIGNATURE); } out.endTag(null, TAG_ROOT); Loading Loading @@ -175,7 +176,9 @@ class ShortcutPackageInfo { case TAG_SIGNATURE: { final String hash = ShortcutService.parseStringAttribute( parser, ATTR_SIGNATURE_HASH); hashes.add(Base64.decode(hash.getBytes())); // Throws IllegalArgumentException if hash is invalid base64 data final byte[] decoded = Base64.getDecoder().decode(hash); hashes.add(decoded); continue; } } Loading Loading
core/java/android/util/jar/StrictJarVerifier.java +14 −8 Original line number Diff line number Diff line Loading @@ -17,7 +17,7 @@ package android.util.jar; import java.io.ByteArrayInputStream; import android.util.apk.ApkSignatureSchemeV2Verifier; import java.io.IOException; import java.io.OutputStream; import java.nio.charset.StandardCharsets; Loading @@ -33,13 +33,9 @@ import java.util.Iterator; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.Set; import java.util.StringTokenizer; import java.util.jar.Attributes; import java.util.jar.JarFile; import android.util.ArraySet; import android.util.apk.ApkSignatureSchemeV2Verifier; import libcore.io.Base64; import sun.security.jca.Providers; import sun.security.pkcs.PKCS7; import sun.security.pkcs.SignerInfo; Loading Loading @@ -139,7 +135,7 @@ class StrictJarVerifier { */ void verify() { byte[] d = digest.digest(); if (!MessageDigest.isEqual(d, Base64.decode(hash))) { if (!verifyMessageDigest(d, hash)) { throw invalidDigest(JarFile.MANIFEST_NAME, name, name); } verifiedEntries.put(name, certChains); Loading Loading @@ -490,12 +486,22 @@ class StrictJarVerifier { md.update(data, start, end - start); } byte[] b = md.digest(); byte[] hashBytes = hash.getBytes(StandardCharsets.ISO_8859_1); return MessageDigest.isEqual(b, Base64.decode(hashBytes)); byte[] encodedHashBytes = hash.getBytes(StandardCharsets.ISO_8859_1); return verifyMessageDigest(b, encodedHashBytes); } return ignorable; } private static boolean verifyMessageDigest(byte[] expected, byte[] encodedActual) { byte[] actual; try { actual = java.util.Base64.getDecoder().decode(encodedActual); } catch (IllegalArgumentException e) { return false; } return MessageDigest.isEqual(expected, actual); } /** * Returns all of the {@link java.security.cert.Certificate} chains that * were used to verify the signature on the JAR entry called Loading
services/core/java/com/android/server/pm/ShortcutPackageInfo.java +6 −3 Original line number Diff line number Diff line Loading @@ -21,7 +21,6 @@ import android.util.Slog; import com.android.server.backup.BackupUtils; import libcore.io.Base64; import libcore.util.HexEncoding; import org.xmlpull.v1.XmlPullParser; Loading @@ -31,6 +30,7 @@ import org.xmlpull.v1.XmlSerializer; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; import java.util.Base64; /** * Package information used by {@link android.content.pm.ShortcutManager} for backup / restore. Loading Loading @@ -143,7 +143,8 @@ class ShortcutPackageInfo { for (int i = 0; i < mSigHashes.size(); i++) { out.startTag(null, TAG_SIGNATURE); ShortcutService.writeAttr(out, ATTR_SIGNATURE_HASH, Base64.encode(mSigHashes.get(i))); final String encoded = Base64.getEncoder().encodeToString(mSigHashes.get(i)); ShortcutService.writeAttr(out, ATTR_SIGNATURE_HASH, encoded); out.endTag(null, TAG_SIGNATURE); } out.endTag(null, TAG_ROOT); Loading Loading @@ -175,7 +176,9 @@ class ShortcutPackageInfo { case TAG_SIGNATURE: { final String hash = ShortcutService.parseStringAttribute( parser, ATTR_SIGNATURE_HASH); hashes.add(Base64.decode(hash.getBytes())); // Throws IllegalArgumentException if hash is invalid base64 data final byte[] decoded = Base64.getDecoder().decode(hash); hashes.add(decoded); continue; } } Loading
