Restore internal constants used by clients

The internal constants that were removed in a previous build broke clients that were referencing these constants. While code under the internal packages can be changed at any time this commit will restore these constants until all client code can be resolved. Bug: 169094510 Test: gradlew test Change-Id: Ia386e70dd1d2cd08fc9f586226fc25c85cf0b196 Merged-In: Ia386e70dd1d2cd08fc9f586226fc25c85cf0b196
author: Michael Groover <mpgroover@google.com> 2020-08-11 10:44:25 -0700
committer: Michael Groover <mpgroover@google.com> 2020-09-24 19:48:59 -0700
commit: 4430b29acd33930fb80be042031416b47ed26363 (patch)
tree: 1516850a4fb184983508a679ccf69a74d4bdc9ba
parent: 92825ed1cc0c9c62c02a34206f207406735db694 (diff)
download: apksig-4430b29acd33930fb80be042031416b47ed26363.tar.gz
11 files changed, 104 insertions, 26 deletions
diff --git a/src/main/java/com/android/apksig/ApkVerifier.java b/src/main/java/com/android/apksig/ApkVerifier.java
index 8b30f2b..5421cc3 100644
--- a/src/main/java/com/android/apksig/ApkVerifier.java
+++ b/src/main/java/com/android/apksig/ApkVerifier.java
@@ -57,6 +57,7 @@ import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.EnumMap;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -498,29 +499,38 @@ public class ApkVerifier {
 
         // If the targetSdkVersion has a minimum required signature scheme version then verify
         // that the APK was signed with at least that version.
-        if (androidManifest == null) {
-            androidManifest = getAndroidManifestFromApk(apk, zipSections);
-        }
-        int targetSdkVersion = getTargetSdkVersionFromBinaryAndroidManifest(
-                androidManifest.slice());
-        int minSchemeVersion = getMinimumSignatureSchemeVersionForTargetSdk(targetSdkVersion);
-        // The platform currently only enforces a single minimum signature scheme version, but when
-        // later platform versions support another minimum version this will need to be expanded to
-        // verify the minimum based on the target and maximum SDK version.
-        if (minSchemeVersion > VERSION_JAR_SIGNATURE_SCHEME && maxSdkVersion >= targetSdkVersion) {
-            switch(minSchemeVersion) {
-                case VERSION_APK_SIGNATURE_SCHEME_V2:
-                    if (result.isVerifiedUsingV2Scheme()) {
-                        break;
-                    }
-                    // Allow this case to fall through to the next as a signature satisfying a later
-                    // scheme version will also satisfy this requirement.
-                case VERSION_APK_SIGNATURE_SCHEME_V3:
-                    if (result.isVerifiedUsingV3Scheme()) {
-                        break;
-                    }
-                    result.addError(Issue.MIN_SIG_SCHEME_FOR_TARGET_SDK_NOT_MET, targetSdkVersion,
-                            minSchemeVersion);
+        try {
+            if (androidManifest == null) {
+                androidManifest = getAndroidManifestFromApk(apk, zipSections);
+            }
+        } catch (ApkFormatException e) {
+            // If the manifest is not available then skip the minimum signature scheme requirement
+            // to support bundle verification.
+        }
+        if (androidManifest != null) {
+            int targetSdkVersion = getTargetSdkVersionFromBinaryAndroidManifest(
+                    androidManifest.slice());
+            int minSchemeVersion = getMinimumSignatureSchemeVersionForTargetSdk(targetSdkVersion);
+            // The platform currently only enforces a single minimum signature scheme version, but
+            // when later platform versions support another minimum version this will need to be
+            // expanded to verify the minimum based on the target and maximum SDK version.
+            if (minSchemeVersion > VERSION_JAR_SIGNATURE_SCHEME
+                    && maxSdkVersion >= targetSdkVersion) {
+                switch (minSchemeVersion) {
+                    case VERSION_APK_SIGNATURE_SCHEME_V2:
+                        if (result.isVerifiedUsingV2Scheme()) {
+                            break;
+                        }
+                        // Allow this case to fall through to the next as a signature satisfying a
+                        // later scheme version will also satisfy this requirement.
+                    case VERSION_APK_SIGNATURE_SCHEME_V3:
+                        if (result.isVerifiedUsingV3Scheme()) {
+                            break;
+                        }
+                        result.addError(Issue.MIN_SIG_SCHEME_FOR_TARGET_SDK_NOT_MET,
+                                targetSdkVersion,
+                                minSchemeVersion);
+                }
             }
         }
 
@@ -865,7 +875,7 @@ public class ApkVerifier {
             V3SchemeVerifier.parseSigners(signatureInfo.signatureBlock,
                     contentDigestsToVerify, result);
         }
-        apkContentDigests = new HashMap<>(result.signers.size());
+        apkContentDigests = new EnumMap<>(ContentDigestAlgorithm.class);
         for (ApkSigningBlockUtils.Result.SignerInfo signerInfo : result.signers) {
             for (ApkSigningBlockUtils.Result.SignerInfo.ContentDigest contentDigest :
                     signerInfo.contentDigests) {
@@ -915,7 +925,8 @@ public class ApkVerifier {
             ApkUtils.ZipSections zipSections)
             throws IOException, ApkFormatException {
         CentralDirectoryRecord manifestCdRecord = null;
-        Map<ContentDigestAlgorithm, byte[]> v1ContentDigest = new HashMap<>();
+        Map<ContentDigestAlgorithm, byte[]> v1ContentDigest = new EnumMap<>(
+                ContentDigestAlgorithm.class);
         for (CentralDirectoryRecord cdRecord : cdRecords) {
             if (MANIFEST_ENTRY_NAME.equals(cdRecord.getName())) {
                 manifestCdRecord = cdRecord;
@@ -1723,7 +1734,7 @@ public class ApkVerifier {
             private final List<IssueWithParams> mErrors;
             private final List<IssueWithParams> mWarnings;
 
-            private SourceStampVerificationStatus mSourceStampVerificationStatus;
+            private final SourceStampVerificationStatus mSourceStampVerificationStatus;
 
             private SourceStampInfo(ApkSigningBlockUtils.Result.SignerInfo result) {
                 mCertificates = result.certs;
diff --git a/src/main/java/com/android/apksig/Constants.java b/src/main/java/com/android/apksig/Constants.java
new file mode 100644
index 0000000..3f67c1a
--- /dev/null
+++ b/src/main/java/com/android/apksig/Constants.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.apksig;
+
+import com.android.apksig.internal.apk.stamp.SourceStampConstants;
+import com.android.apksig.internal.apk.v1.V1SchemeConstants;
+import com.android.apksig.internal.apk.v2.V2SchemeConstants;
+import com.android.apksig.internal.apk.v3.V3SchemeConstants;
+
+/**
+ * Exports internally defined constants to allow clients to reference these values without relying
+ * on internal code.
+ */
+public class Constants {
+    private Constants() {}
+
+    public static final String MANIFEST_ENTRY_NAME = V1SchemeConstants.MANIFEST_ENTRY_NAME;
+
+    public static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID =
+            V2SchemeConstants.APK_SIGNATURE_SCHEME_V2_BLOCK_ID;
+
+    public static final int APK_SIGNATURE_SCHEME_V3_BLOCK_ID =
+            V3SchemeConstants.APK_SIGNATURE_SCHEME_V3_BLOCK_ID;
+    public static final int PROOF_OF_ROTATION_ATTR_ID = V3SchemeConstants.PROOF_OF_ROTATION_ATTR_ID;
+
+    public static final int V1_SOURCE_STAMP_BLOCK_ID =
+            SourceStampConstants.V1_SOURCE_STAMP_BLOCK_ID;
+    public static final int V2_SOURCE_STAMP_BLOCK_ID =
+            SourceStampConstants.V2_SOURCE_STAMP_BLOCK_ID;
+}
diff --git a/src/main/java/com/android/apksig/internal/apk/stamp/SourceStampConstants.java b/src/main/java/com/android/apksig/internal/apk/stamp/SourceStampConstants.java
index 0f02078..9502911 100644
--- a/src/main/java/com/android/apksig/internal/apk/stamp/SourceStampConstants.java
+++ b/src/main/java/com/android/apksig/internal/apk/stamp/SourceStampConstants.java
@@ -18,6 +18,8 @@ package com.android.apksig.internal.apk.stamp;
 
 /** Constants used for source stamp signing and verification. */
 public class SourceStampConstants {
+    private SourceStampConstants() {}
+
     public static final int V1_SOURCE_STAMP_BLOCK_ID = 0x2b09189e;
     public static final int V2_SOURCE_STAMP_BLOCK_ID = 0x6dff800d;
 }
diff --git a/src/main/java/com/android/apksig/internal/apk/stamp/V1SourceStampSigner.java b/src/main/java/com/android/apksig/internal/apk/stamp/V1SourceStampSigner.java
index 2f6b072..dee24bd 100644
--- a/src/main/java/com/android/apksig/internal/apk/stamp/V1SourceStampSigner.java
+++ b/src/main/java/com/android/apksig/internal/apk/stamp/V1SourceStampSigner.java
@@ -48,6 +48,9 @@ import java.util.Map;
  * <p>V1 of the source stamp allows signing the digest of at most one signature scheme only.
  */
 public abstract class V1SourceStampSigner {
+    public static final int V1_SOURCE_STAMP_BLOCK_ID =
+            SourceStampConstants.V1_SOURCE_STAMP_BLOCK_ID;
+
     /** Hidden constructor to prevent instantiation. */
     private V1SourceStampSigner() {}
 
diff --git a/src/main/java/com/android/apksig/internal/apk/stamp/V2SourceStampSigner.java b/src/main/java/com/android/apksig/internal/apk/stamp/V2SourceStampSigner.java
index 088085b..401a43e 100644
--- a/src/main/java/com/android/apksig/internal/apk/stamp/V2SourceStampSigner.java
+++ b/src/main/java/com/android/apksig/internal/apk/stamp/V2SourceStampSigner.java
@@ -51,6 +51,9 @@ import java.util.Map;
  * <p>V2 of the source stamp allows signing the digests of more than one signature schemes.
  */
 public abstract class V2SourceStampSigner {
+    public static final int V2_SOURCE_STAMP_BLOCK_ID =
+            SourceStampConstants.V2_SOURCE_STAMP_BLOCK_ID;
+
     /** Hidden constructor to prevent instantiation. */
     private V2SourceStampSigner() {}
 
diff --git a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeConstants.java b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeConstants.java
index 054265a..db1d15f 100644
--- a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeConstants.java
+++ b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeConstants.java
@@ -18,6 +18,8 @@ package com.android.apksig.internal.apk.v1;
 
 /** Constants used by the Jar Signing / V1 Signature Scheme signing and verification. */
 public class V1SchemeConstants {
+    private V1SchemeConstants() {}
+
     public static final String MANIFEST_ENTRY_NAME = "META-INF/MANIFEST.MF";
     public static final String SF_ATTRIBUTE_NAME_ANDROID_APK_SIGNED_NAME_STR =
             "X-Android-APK-Signed";
diff --git a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
index 123c9e6..6e9e0c3 100644
--- a/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
+++ b/src/main/java/com/android/apksig/internal/apk/v1/V1SchemeSigner.java
@@ -59,6 +59,8 @@ import java.util.jar.Manifest;
  * @see <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File">Signed JAR File</a>
  */
 public abstract class V1SchemeSigner {
+    public static final String MANIFEST_ENTRY_NAME = V1SchemeConstants.MANIFEST_ENTRY_NAME;
+
     private static final Attributes.Name ATTRIBUTE_NAME_CREATED_BY =
             new Attributes.Name("Created-By");
     private static final String ATTRIBUTE_VALUE_MANIFEST_VERSION = "1.0";
diff --git a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeConstants.java b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeConstants.java
index 312c2d0..0e244c8 100644
--- a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeConstants.java
+++ b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeConstants.java
@@ -18,6 +18,8 @@ package com.android.apksig.internal.apk.v2;
 
 /** Constants used by the V2 Signature Scheme signing and verification. */
 public class V2SchemeConstants {
+    private V2SchemeConstants() {}
+
     public static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;
     public static final int STRIPPING_PROTECTION_ATTR_ID = 0xbeeff00d;
 }
diff --git a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java
index 18858ed..c870a9e 100644
--- a/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java
+++ b/src/main/java/com/android/apksig/internal/apk/v2/V2SchemeSigner.java
@@ -70,6 +70,9 @@ public abstract class V2SchemeSigner {
      * protected by signatures inside the block.
      */
 
+    public static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID =
+            V2SchemeConstants.APK_SIGNATURE_SCHEME_V2_BLOCK_ID;
+
     /** Hidden constructor to prevent instantiation. */
     private V2SchemeSigner() {}
 
diff --git a/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeConstants.java b/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeConstants.java
index eeff76d..3b70aa0 100644
--- a/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeConstants.java
+++ b/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeConstants.java
@@ -18,6 +18,8 @@ package com.android.apksig.internal.apk.v3;
 
 /** Constants used by the V3 Signature Scheme signing and verification. */
 public class V3SchemeConstants {
+    private V3SchemeConstants() {}
+
     public static final int APK_SIGNATURE_SCHEME_V3_BLOCK_ID = 0xf05368c0;
     public static final int PROOF_OF_ROTATION_ATTR_ID = 0x3ba06f8c;
 }
diff --git a/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeSigner.java b/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeSigner.java
index 2eba06b..2c70311 100644
--- a/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeSigner.java
+++ b/src/main/java/com/android/apksig/internal/apk/v3/V3SchemeSigner.java
@@ -57,6 +57,10 @@ import java.util.Map;
  *     it can prove the new siging certificate was signed by the old.
  */
 public abstract class V3SchemeSigner {
+    public static final int APK_SIGNATURE_SCHEME_V3_BLOCK_ID =
+            V3SchemeConstants.APK_SIGNATURE_SCHEME_V3_BLOCK_ID;
+    public static final int PROOF_OF_ROTATION_ATTR_ID = V3SchemeConstants.PROOF_OF_ROTATION_ATTR_ID;
+
     /** Hidden constructor to prevent instantiation. */
     private V3SchemeSigner() {}
author	Michael Groover <mpgroover@google.com>	2020-08-11 10:44:25 -0700
committer	Michael Groover <mpgroover@google.com>	2020-09-24 19:48:59 -0700
commit	4430b29acd33930fb80be042031416b47ed26363 (patch)
tree	1516850a4fb184983508a679ccf69a74d4bdc9ba
parent	92825ed1cc0c9c62c02a34206f207406735db694 (diff)
download	apksig-4430b29acd33930fb80be042031416b47ed26363.tar.gz