1 files changed, 139 insertions, 0 deletions
diff --git a/android/content/pm/SigningInfo.java b/android/content/pm/SigningInfo.java
new file mode 100644
index 00000000..ef874035
--- /dev/null
+++ b/android/content/pm/SigningInfo.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.content.pm;
+
+
+import android.annotation.NonNull;
+import android.os.Parcel;
+import android.os.Parcelable;
+
+/**
+ * Information pertaining to the signing certificates used to sign a package.
+ */
+public final class SigningInfo implements Parcelable {
+
+    @NonNull
+    private final PackageParser.SigningDetails mSigningDetails;
+
+    public SigningInfo() {
+        mSigningDetails = PackageParser.SigningDetails.UNKNOWN;
+    }
+
+    /**
+     * @hide only packagemanager should be populating this
+     */
+    public SigningInfo(PackageParser.SigningDetails signingDetails) {
+        mSigningDetails = new PackageParser.SigningDetails(signingDetails);
+    }
+
+    public SigningInfo(SigningInfo orig) {
+        mSigningDetails = new PackageParser.SigningDetails(orig.mSigningDetails);
+    }
+
+    private SigningInfo(Parcel source) {
+        mSigningDetails = PackageParser.SigningDetails.CREATOR.createFromParcel(source);
+    }
+
+    /**
+     * Although relatively uncommon, packages may be signed by more than one signer, in which case
+     * their identity is viewed as being the set of all signers, not just any one.
+     */
+    public boolean hasMultipleSigners() {
+        return mSigningDetails.signatures != null && mSigningDetails.signatures.length > 1;
+    }
+
+    /**
+     * APK Signature Scheme v3 enables packages to provide a proof-of-rotation record that the
+     * platform verifies, and uses, to allow the use of new signing certificates.  This is only
+     * available to packages that are not signed by multiple signers.  In the event of a change to a
+     * new signing certificate, the package's past signing certificates are presented as well.  Any
+     * check of a package's signing certificate should also include a search through its entire
+     * signing history, since it could change to a new signing certificate at any time.
+     */
+    public boolean hasPastSigningCertificates() {
+        return mSigningDetails.signatures != null
+                && mSigningDetails.pastSigningCertificates != null;
+    }
+
+    /**
+     * Returns the signing certificates this package has proven it is authorized to use. This
+     * includes both the signing certificate associated with the signer of the package and the past
+     * signing certificates it included as its proof of signing certificate rotation.  This method
+     * is the preferred replacement for the {@code GET_SIGNATURES} flag used with {@link
+     * PackageManager#getPackageInfo(String, int)}.  When determining if a package is signed by a
+     * desired certificate, the returned array should be checked to determine if it is one of the
+     * entries.
+     *
+     * <note>
+     *     This method returns null if the package is signed by multiple signing certificates, as
+     *     opposed to being signed by one current signer and also providing the history of past
+     *     signing certificates.  {@link #hasMultipleSigners()} may be used to determine if this
+     *     package is signed by multiple signers.  Packages which are signed by multiple signers
+     *     cannot change their signing certificates and their {@code Signature} array should be
+     *     checked to make sure that every entry matches the looked-for signing certificates.
+     * </note>
+     */
+    public Signature[] getSigningCertificateHistory() {
+        if (hasMultipleSigners()) {
+            return null;
+        } else if (!hasPastSigningCertificates()) {
+
+            // this package is only signed by one signer with no history, return it
+            return mSigningDetails.signatures;
+        } else {
+
+            // this package has provided proof of past signing certificates, include them
+            return mSigningDetails.pastSigningCertificates;
+        }
+    }
+
+    /**
+     * Returns the signing certificates used to sign the APK contents of this application.  Not
+     * including any past signing certificates the package proved it is authorized to use.
+     * <note>
+     *     This method should not be used unless {@link #hasMultipleSigners()} returns true,
+     *     indicating that {@link #getSigningCertificateHistory()} cannot be used, otherwise {@link
+     *     #getSigningCertificateHistory()} should be preferred.
+     * </note>
+     */
+    public Signature[] getApkContentsSigners() {
+        return mSigningDetails.signatures;
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int parcelableFlags) {
+        mSigningDetails.writeToParcel(dest, parcelableFlags);
+    }
+
+    public static final Parcelable.Creator<SigningInfo> CREATOR =
+            new Parcelable.Creator<SigningInfo>() {
+        @Override
+        public SigningInfo createFromParcel(Parcel source) {
+            return new SigningInfo(source);
+        }
+
+        @Override
+        public SigningInfo[] newArray(int size) {
+            return new SigningInfo[size];
+        }
+    };
+}