diff options
Diffstat (limited to 'android/content/pm/SigningInfo.java')
-rw-r--r-- | android/content/pm/SigningInfo.java | 139 |
1 files changed, 139 insertions, 0 deletions
diff --git a/android/content/pm/SigningInfo.java b/android/content/pm/SigningInfo.java new file mode 100644 index 00000000..ef874035 --- /dev/null +++ b/android/content/pm/SigningInfo.java @@ -0,0 +1,139 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.content.pm; + + +import android.annotation.NonNull; +import android.os.Parcel; +import android.os.Parcelable; + +/** + * Information pertaining to the signing certificates used to sign a package. + */ +public final class SigningInfo implements Parcelable { + + @NonNull + private final PackageParser.SigningDetails mSigningDetails; + + public SigningInfo() { + mSigningDetails = PackageParser.SigningDetails.UNKNOWN; + } + + /** + * @hide only packagemanager should be populating this + */ + public SigningInfo(PackageParser.SigningDetails signingDetails) { + mSigningDetails = new PackageParser.SigningDetails(signingDetails); + } + + public SigningInfo(SigningInfo orig) { + mSigningDetails = new PackageParser.SigningDetails(orig.mSigningDetails); + } + + private SigningInfo(Parcel source) { + mSigningDetails = PackageParser.SigningDetails.CREATOR.createFromParcel(source); + } + + /** + * Although relatively uncommon, packages may be signed by more than one signer, in which case + * their identity is viewed as being the set of all signers, not just any one. + */ + public boolean hasMultipleSigners() { + return mSigningDetails.signatures != null && mSigningDetails.signatures.length > 1; + } + + /** + * APK Signature Scheme v3 enables packages to provide a proof-of-rotation record that the + * platform verifies, and uses, to allow the use of new signing certificates. This is only + * available to packages that are not signed by multiple signers. In the event of a change to a + * new signing certificate, the package's past signing certificates are presented as well. Any + * check of a package's signing certificate should also include a search through its entire + * signing history, since it could change to a new signing certificate at any time. + */ + public boolean hasPastSigningCertificates() { + return mSigningDetails.signatures != null + && mSigningDetails.pastSigningCertificates != null; + } + + /** + * Returns the signing certificates this package has proven it is authorized to use. This + * includes both the signing certificate associated with the signer of the package and the past + * signing certificates it included as its proof of signing certificate rotation. This method + * is the preferred replacement for the {@code GET_SIGNATURES} flag used with {@link + * PackageManager#getPackageInfo(String, int)}. When determining if a package is signed by a + * desired certificate, the returned array should be checked to determine if it is one of the + * entries. + * + * <note> + * This method returns null if the package is signed by multiple signing certificates, as + * opposed to being signed by one current signer and also providing the history of past + * signing certificates. {@link #hasMultipleSigners()} may be used to determine if this + * package is signed by multiple signers. Packages which are signed by multiple signers + * cannot change their signing certificates and their {@code Signature} array should be + * checked to make sure that every entry matches the looked-for signing certificates. + * </note> + */ + public Signature[] getSigningCertificateHistory() { + if (hasMultipleSigners()) { + return null; + } else if (!hasPastSigningCertificates()) { + + // this package is only signed by one signer with no history, return it + return mSigningDetails.signatures; + } else { + + // this package has provided proof of past signing certificates, include them + return mSigningDetails.pastSigningCertificates; + } + } + + /** + * Returns the signing certificates used to sign the APK contents of this application. Not + * including any past signing certificates the package proved it is authorized to use. + * <note> + * This method should not be used unless {@link #hasMultipleSigners()} returns true, + * indicating that {@link #getSigningCertificateHistory()} cannot be used, otherwise {@link + * #getSigningCertificateHistory()} should be preferred. + * </note> + */ + public Signature[] getApkContentsSigners() { + return mSigningDetails.signatures; + } + + @Override + public int describeContents() { + return 0; + } + + @Override + public void writeToParcel(Parcel dest, int parcelableFlags) { + mSigningDetails.writeToParcel(dest, parcelableFlags); + } + + public static final Parcelable.Creator<SigningInfo> CREATOR = + new Parcelable.Creator<SigningInfo>() { + @Override + public SigningInfo createFromParcel(Parcel source) { + return new SigningInfo(source); + } + + @Override + public SigningInfo[] newArray(int size) { + return new SigningInfo[size]; + } + }; +} |