Loading core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java +8 −0 Original line number Diff line number Diff line Loading @@ -62,6 +62,7 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.X509EncodedKeySpec; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.List; import java.util.Map; Loading Loading @@ -457,6 +458,7 @@ public class ApkSignatureSchemeV3Verifier { // get the version code, but don't do anything with it: creator knew about all our flags porBuf.getInt(); HashSet<X509Certificate> certHistorySet = new HashSet<>(); while (porBuf.hasRemaining()) { levelCount++; ByteBuffer level = getLengthPrefixedSlice(porBuf); Loading Loading @@ -495,6 +497,12 @@ public class ApkSignatureSchemeV3Verifier { lastCert = new VerbatimX509Certificate(lastCert, encodedCert); lastSigAlgorithm = sigAlgorithm; if (certHistorySet.contains(lastCert)) { throw new SecurityException("Encountered duplicate entries in " + "Proof-of-rotation record at certificate #" + levelCount + ". All " + "signing certificates should be unique"); } certHistorySet.add(lastCert); certs.add(lastCert); flagsList.add(flags); } Loading core/java/android/util/apk/VerbatimX509Certificate.java +28 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package android.util.apk; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Arrays; /** * For legacy reasons we need to return exactly the original encoded certificate bytes, instead Loading @@ -25,6 +26,7 @@ import java.security.cert.X509Certificate; */ class VerbatimX509Certificate extends WrappedX509Certificate { private final byte[] mEncodedVerbatim; private int mHash = -1; VerbatimX509Certificate(X509Certificate wrapped, byte[] encodedVerbatim) { super(wrapped); Loading 
@@ -35,4 +37,30 @@ class VerbatimX509Certificate extends WrappedX509Certificate { public byte[] getEncoded() throws CertificateEncodingException { return mEncodedVerbatim; } @Override public boolean equals(Object o) { if (this == o) return true; if (!(o instanceof VerbatimX509Certificate)) return false; try { byte[] a = this.getEncoded(); byte[] b = ((VerbatimX509Certificate) o).getEncoded(); return Arrays.equals(a, b); } catch (CertificateEncodingException e) { return false; } } @Override public int hashCode() { if (mHash == -1) { try { mHash = Arrays.hashCode(this.getEncoded()); } catch (CertificateEncodingException e) { mHash = 0; } } return mHash; } } Loading
core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java +8 −0 Original line number Diff line number Diff line Loading @@ -62,6 +62,7 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.X509EncodedKeySpec; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.List; import java.util.Map; Loading Loading @@ -457,6 +458,7 @@ public class ApkSignatureSchemeV3Verifier { // get the version code, but don't do anything with it: creator knew about all our flags porBuf.getInt(); HashSet<X509Certificate> certHistorySet = new HashSet<>(); while (porBuf.hasRemaining()) { levelCount++; ByteBuffer level = getLengthPrefixedSlice(porBuf); Loading Loading @@ -495,6 +497,12 @@ public class ApkSignatureSchemeV3Verifier { lastCert = new VerbatimX509Certificate(lastCert, encodedCert); lastSigAlgorithm = sigAlgorithm; if (certHistorySet.contains(lastCert)) { throw new SecurityException("Encountered duplicate entries in " + "Proof-of-rotation record at certificate #" + levelCount + ". All " + "signing certificates should be unique"); } certHistorySet.add(lastCert); certs.add(lastCert); flagsList.add(flags); } Loading
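Review bot: The duplicate check in the proof-of-rotation loop is only as strong as `VerbatimX509Certificate.equals()`, which compares the verbatim encoded bytes, and nothing at the `certHistorySet.contains(lastCert)` call says so. A comment such as `// uniqueness here means byte-for-byte equality of the encoded certificate (VerbatimX509Certificate.equals)` would make that dependency explicit. Whether two differently encoded certificates carrying the same public key should also be rejected cannot be judged from these hunks and is worth confirming against the rest of the lineage verification. The contains/add pair can be collapsed to `if (!certHistorySet.add(lastCert)) {`, which does one lookup instead of two. The enclosing method starts and ends outside the hunks shown.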
core/java/android/util/apk/VerbatimX509Certificate.java +28 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package android.util.apk; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Arrays; /** * For legacy reasons we need to return exactly the original encoded certificate bytes, instead Loading @@ -25,6 +26,7 @@ import java.security.cert.X509Certificate; */ class VerbatimX509Certificate extends WrappedX509Certificate { private final byte[] mEncodedVerbatim; private int mHash = -1; VerbatimX509Certificate(X509Certificate wrapped, byte[] encodedVerbatim) { super(wrapped); Loading @@ -35,4 +37,30 @@ class VerbatimX509Certificate extends WrappedX509Certificate { public byte[] getEncoded() throws CertificateEncodingException { return mEncodedVerbatim; } @Override public boolean equals(Object o) { if (this == o) return true; if (!(o instanceof VerbatimX509Certificate)) return false; try { byte[] a = this.getEncoded(); byte[] b = ((VerbatimX509Certificate) o).getEncoded(); return Arrays.equals(a, b); } catch (CertificateEncodingException e) { return false; } } @Override public int hashCode() { if (mHash == -1) { try { mHash = Arrays.hashCode(this.getEncoded()); } catch (CertificateEncodingException e) { mHash = 0; } } return mHash; } }
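Review bot: The new `equals()` returns false for any object that is not a `VerbatimX509Certificate`, while `java.security.cert.Certificate.equals()` compares the encoded form of any `Certificate`, so a plain `X509Certificate` with the same bytes can report equality in one direction only. If that restriction is intended, state it on the method, e.g. `// Equal only to another VerbatimX509Certificate with identical encoded bytes`. The `try`/`catch` blocks are dead code as written, since this class's `getEncoded()` just returns `mEncodedVerbatim`; `return Arrays.equals(mEncodedVerbatim, ((VerbatimX509Certificate) o).mEncodedVerbatim);` and `mHash = Arrays.hashCode(mEncodedVerbatim);` say the same thing without a silent `false`/`0` fallback. The cached `mHash` also assumes the array is never modified after construction, yet `getEncoded()` hands out the internal array; the constructor body is not visible here, so whether a defensive copy is taken should be confirmed.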