diff options
author | Michael Groover <mpgroover@google.com> | 2021-10-12 10:54:49 -0700 |
---|---|---|
committer | Michael Groover <mpgroover@google.com> | 2021-10-12 10:54:49 -0700 |
commit | beedf367a5e2bb8c1cac193473fd42804aaf387e (patch) | |
tree | 4c6b308ae19873c1e4b766454be968811771cacf | |
parent | c5bd203c87b7fa76572176a44437d66fa28f918e (diff) | |
download | apksig-beedf367a5e2bb8c1cac193473fd42804aaf387e.tar.gz |
Do not write rotation-min-sdk to v3.0 block in the absence of rotation
apksig allows a value to be set for rotation-min-sdk-version without
requiring a rotated signing key / lineage to be specified. This allows
a generic signing config to be used that supports both dev and prod
builds where the dev build is using the rotated signign key but the prod
build is still using only the original key with the
rotation-min-sdk-version set for both. This commit ensures that the
rotation stripping attribute is only written to the v3.0 signer if
a rotated signing key is used in the v3.1 signing block.
Bug: 202830422
Test: gradlew test
Change-Id: I3010d591f7be6113708b01034e46d11b0352095c
-rw-r--r-- | src/main/java/com/android/apksig/DefaultApkSignerEngine.java | 3 | ||||
-rw-r--r-- | src/test/java/com/android/apksig/ApkSignerTest.java | 25 |
2 files changed, 27 insertions, 1 deletions
diff --git a/src/main/java/com/android/apksig/DefaultApkSignerEngine.java b/src/main/java/com/android/apksig/DefaultApkSignerEngine.java index f4e7322..aee7cdb 100644 --- a/src/main/java/com/android/apksig/DefaultApkSignerEngine.java +++ b/src/main/java/com/android/apksig/DefaultApkSignerEngine.java @@ -1086,7 +1086,8 @@ public class DefaultApkSignerEngine implements ApkSignerEngine { zipCentralDirectory, eocd, v3SignerConfigs) .setRunnablesExecutor(mExecutor) .setBlockId(V3SchemeConstants.APK_SIGNATURE_SCHEME_V3_BLOCK_ID); - if (mRotationMinSdkVersion >= MIN_SDK_WITH_V31_SUPPORT + if (mSigningCertificateLineage != null + && mRotationMinSdkVersion >= MIN_SDK_WITH_V31_SUPPORT && mMinSdkVersion < mRotationMinSdkVersion) { builder.setRotationMinSdkVersion(rotationMinSdkVersion); } diff --git a/src/test/java/com/android/apksig/ApkSignerTest.java b/src/test/java/com/android/apksig/ApkSignerTest.java index f213c61..430a022 100644 --- a/src/test/java/com/android/apksig/ApkSignerTest.java +++ b/src/test/java/com/android/apksig/ApkSignerTest.java @@ -1804,6 +1804,31 @@ public class ApkSignerTest { } @Test + public void testV31_rotationMinSdkVersionTWithoutLineage_v30VerificationSucceeds() + throws Exception { + // apksig allows setting a rotation-min-sdk-version without providing a rotated signing + // key / lineage; however in the absence of rotation, the rotation-min-sdk-version should + // be a no-op, and the stripping protection attribute should not be written to the v3.0 + // signer. + List<ApkSigner.SignerConfig> rsa2048SignerConfig = + Collections.singletonList( + getDefaultSignerConfigFromResources(FIRST_RSA_2048_SIGNER_RESOURCE_NAME)); + + File signedApk = sign("original.apk", + new ApkSigner.Builder(rsa2048SignerConfig) + .setV1SigningEnabled(true) + .setV2SigningEnabled(true) + .setV3SigningEnabled(true) + .setV4SigningEnabled(false) + .setMinSdkVersionForRotation(V3SchemeConstants.MIN_SDK_WITH_V31_SUPPORT)); + ApkVerifier.Result result = verify(signedApk, null); + + assertVerified(result); + assertFalse(result.isVerifiedUsingV31Scheme()); + assertTrue(result.isVerifiedUsingV3Scheme()); + } + + @Test public void testV4_rotationMinSdkVersionLessThanT_signatureOnlyHasRotatedSigner() throws Exception { // To support SDK version targeting in the v3.1 signature scheme, apksig added a |