aboutsummaryrefslogtreecommitdiff
path: root/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/apksigner/java/com/android/apksigner/ApkSignerTool.java')
-rw-r--r--src/apksigner/java/com/android/apksigner/ApkSignerTool.java46
1 files changed, 33 insertions, 13 deletions
diff --git a/src/apksigner/java/com/android/apksigner/ApkSignerTool.java b/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
index c7cb660..9fd0c34 100644
--- a/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
+++ b/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
@@ -25,8 +25,6 @@ import com.android.apksig.apk.MinSdkVersionException;
import com.android.apksig.util.DataSource;
import com.android.apksig.util.DataSources;
-import org.conscrypt.OpenSSLProvider;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
@@ -80,7 +78,9 @@ public class ApkSignerTool {
return;
}
+ // BEGIN-AOSP
addProviders();
+ // END-AOSP
String cmd = params[0];
try {
@@ -113,18 +113,20 @@ public class ApkSignerTool {
}
}
+ // BEGIN-AOSP
/**
* Adds additional security providers to add support for signature algorithms not covered by
* the default providers.
*/
private static void addProviders() {
try {
- Security.addProvider(new OpenSSLProvider());
+ Security.addProvider(new org.conscrypt.OpenSSLProvider());
} catch (UnsatisfiedLinkError e) {
// This is expected if the library path does not include the native conscrypt library;
// the default providers support all but PSS algorithms.
}
}
+ // END-AOSP
private static void sign(String[] params) throws Exception {
if (params.length == 0) {
@@ -157,6 +159,8 @@ public class ApkSignerTool {
String optionOriginalForm = null;
boolean v4SigningFlagFound = false;
boolean sourceStampFlagFound = false;
+ boolean deterministicDsaSigning = false;
+ boolean otherSignersSignaturesPreserved = false;
while ((optionName = optionsParser.nextOption()) != null) {
optionOriginalForm = optionsParser.getOptionOriginalForm();
if (("help".equals(optionName)) || ("h".equals(optionName))) {
@@ -257,6 +261,10 @@ public class ApkSignerTool {
File stampLineageFile = new File(
optionsParser.getRequiredValue("Stamp Lineage File"));
sourceStampLineage = getLineageFromInputFile(stampLineageFile);
+ } else if ("deterministic-dsa-signing".equals(optionName)) {
+ deterministicDsaSigning = optionsParser.getOptionalBooleanValue(false);
+ } else if ("append-signature".equals(optionName)) {
+ otherSignersSignaturesPreserved = optionsParser.getOptionalBooleanValue(true);
} else {
throw new ParameterException(
"Unsupported option: " + optionOriginalForm + ". See --help for supported"
@@ -313,7 +321,8 @@ public class ApkSignerTool {
for (SignerParams signer : signers) {
signerNumber++;
signer.setName("signer #" + signerNumber);
- ApkSigner.SignerConfig signerConfig = getSignerConfig(signer, passwordRetriever);
+ ApkSigner.SignerConfig signerConfig = getSignerConfig(signer, passwordRetriever,
+ deterministicDsaSigning);
if (signerConfig == null) {
return;
}
@@ -322,7 +331,8 @@ public class ApkSignerTool {
if (sourceStampFlagFound) {
sourceStampSignerParams.setName("stamp signer");
sourceStampSignerConfig =
- getSignerConfig(sourceStampSignerParams, passwordRetriever);
+ getSignerConfig(sourceStampSignerParams, passwordRetriever,
+ deterministicDsaSigning);
if (sourceStampSignerConfig == null) {
return;
}
@@ -343,7 +353,7 @@ public class ApkSignerTool {
new ApkSigner.Builder(signerConfigs)
.setInputApk(inputApk)
.setOutputApk(tmpOutputApk)
- .setOtherSignersSignaturesPreserved(false)
+ .setOtherSignersSignaturesPreserved(otherSignersSignaturesPreserved)
.setV1SigningEnabled(v1SigningEnabled)
.setV2SigningEnabled(v2SigningEnabled)
.setV3SigningEnabled(v3SigningEnabled)
@@ -389,8 +399,8 @@ public class ApkSignerTool {
}
}
- private static ApkSigner.SignerConfig getSignerConfig(
- SignerParams signer, PasswordRetriever passwordRetriever) {
+ private static ApkSigner.SignerConfig getSignerConfig(SignerParams signer,
+ PasswordRetriever passwordRetriever, boolean deterministicDsaSigning) {
try {
signer.loadPrivateKeyAndCerts(passwordRetriever);
} catch (ParameterException e) {
@@ -422,7 +432,8 @@ public class ApkSignerTool {
}
ApkSigner.SignerConfig signerConfig =
new ApkSigner.SignerConfig.Builder(
- v1SigBasename, signer.getPrivateKey(), signer.getCerts())
+ v1SigBasename, signer.getPrivateKey(), signer.getCerts(),
+ deterministicDsaSigning)
.build();
return signerConfig;
}
@@ -1091,10 +1102,19 @@ public class ApkSignerTool {
}
Provider provider;
if (constructorParam != null) {
- // Single-arg Provider constructor
- provider =
- (Provider) providerClass.getConstructor(String.class)
- .newInstance(constructorParam);
+ try {
+ // Single-arg Provider constructor
+ provider =
+ (Provider) providerClass.getConstructor(String.class)
+ .newInstance(constructorParam);
+ } catch (NoSuchMethodException e) {
+ // Starting from JDK 9 the single-arg constructor accepting the configuration
+ // has been replaced by a configure(String) method to be invoked after
+ // instantiating the Provider with the no-arg constructor.
+ provider = (Provider) providerClass.getConstructor().newInstance();
+ provider = (Provider) providerClass.getMethod("configure", String.class)
+ .invoke(provider, constructorParam);
+ }
} else {
// No-arg Provider constructor
provider = (Provider) providerClass.getConstructor().newInstance();
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 12:15:15 +0000