diff options
author | Michael Groover <mpgroover@google.com> | 2020-07-17 22:39:05 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-07-17 22:39:05 +0000 |
commit | 85b81365358efc7dd75d2f40880552cbf4a85583 (patch) | |
tree | 0a8a3e5e28788779d8d260c4835659e1d2c8750b | |
parent | 464bac8ba53c9215974621dd43eb15fbd9fd6e90 (diff) | |
parent | cda3e1def0a52b8d62bf4db4331b9637b9ea33cc (diff) | |
download | apksig-85b81365358efc7dd75d2f40880552cbf4a85583.tar.gz |
Add conscrypt provider to apksigner to support PSS am: 79142cc90a am: cda3e1def0
Original change: https://googleplex-android-review.googlesource.com/c/platform/tools/apksig/+/12176763
Change-Id: I2c7100ad23606053ec15a6a8249b1671f4122115
-rw-r--r-- | Android.bp | 6 | ||||
-rwxr-xr-x | etc/apksigner | 8 | ||||
-rw-r--r-- | src/apksigner/java/com/android/apksigner/ApkSignerTool.java | 17 |
3 files changed, 30 insertions, 1 deletions
@@ -31,5 +31,9 @@ java_binary_host { java_resource_dirs: ["src/apksigner/java"], wrapper: "etc/apksigner", manifest: "src/apksigner/apksigner.mf", - static_libs: ["apksig"], + static_libs: [ + "apksig", + "conscrypt-unbundled", + ], + required: ["libconscrypt_openjdk_jni"], } diff --git a/etc/apksigner b/etc/apksigner index 11a7529..d13afc4 100755 --- a/etc/apksigner +++ b/etc/apksigner @@ -46,6 +46,8 @@ fi if [ ! -r "$libdir/$jarfile" ]; then # set apksigner.jar location for the Android tree case libdir=`dirname "$progdir"`/framework + # also include the library directory for any provider native libraries + providerLibdir=`dirname "$progdir"`/lib64 fi if [ ! -r "$libdir/$jarfile" ]; then @@ -71,6 +73,8 @@ while expr "x$1" : 'x-J' >/dev/null; do javaOpts="${javaOpts} -${opt}" if expr "x${opt}" : "xXmx[0-9]" >/dev/null; then defaultMx="no" + elif expr "x${opt}" : "xDjava.library.path=" >/dev/null; then + defaultLibdir="no" fi shift done @@ -79,6 +83,10 @@ if [ "${defaultMx}" != "no" ]; then javaOpts="${javaOpts} ${defaultMx}" fi +if [ "${defaultLibdir}" != "no" ] && [ -n $providerLibdir ]; then + javaOpts="${javaOpts} -Djava.library.path=$providerLibdir" +fi + if [ "$OSTYPE" = "cygwin" ]; then # For Cygwin, convert the jarfile path into native Windows style. jarpath=`cygpath -w "$libdir/$jarfile"` diff --git a/src/apksigner/java/com/android/apksigner/ApkSignerTool.java b/src/apksigner/java/com/android/apksigner/ApkSignerTool.java index 5783518..2f4e680 100644 --- a/src/apksigner/java/com/android/apksigner/ApkSignerTool.java +++ b/src/apksigner/java/com/android/apksigner/ApkSignerTool.java @@ -25,6 +25,8 @@ import com.android.apksig.apk.MinSdkVersionException; import com.android.apksig.util.DataSource; import com.android.apksig.util.DataSources; +import org.conscrypt.OpenSSLProvider; + import java.io.BufferedReader; import java.io.File; import java.io.IOException; @@ -78,6 +80,8 @@ public class ApkSignerTool { return; } + addProviders(); + String cmd = params[0]; try { if ("sign".equals(cmd)) { @@ -109,6 +113,19 @@ public class ApkSignerTool { } } + /** + * Adds additional security providers to add support for signature algorithms not covered by + * the default providers. + */ + private static void addProviders() { + try { + Security.addProvider(new OpenSSLProvider()); + } catch (UnsatisfiedLinkError e) { + // This is expected if the library path does not include the native conscrypt library; + // the default providers support all but PSS algorithms. + } + } + private static void sign(String[] params) throws Exception { if (params.length == 0) { printUsage(HELP_PAGE_SIGN); |