aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java')
-rw-r--r--src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java37
1 files changed, 10 insertions, 27 deletions
diff --git a/src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java b/src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java
index c0a9013..a6cd9db 100644
--- a/src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java
+++ b/src/main/java/com/android/apksig/internal/apk/v4/V4SchemeVerifier.java
@@ -90,37 +90,20 @@ public abstract class V4SchemeVerifier {
V4Signature.HashingInfo hashingInfo = V4Signature.HashingInfo.fromByteArray(
signature.hashingInfo);
+ V4Signature.SigningInfo signingInfo = V4Signature.SigningInfo.fromByteArray(
+ signature.signingInfo);
- V4Signature.SigningInfos signingInfos = V4Signature.SigningInfos.fromByteArray(
- signature.signingInfos);
+ final byte[] signedData = V4Signature.getSignedData(apk.size(), hashingInfo, signingInfo);
- final ApkSigningBlockUtils.Result.SignerInfo signerInfo;
-
- // Verify the primary signature over signedData.
- {
- V4Signature.SigningInfo signingInfo = signingInfos.signingInfo;
- final byte[] signedData = V4Signature.getSignedData(apk.size(), hashingInfo,
- signingInfo);
- signerInfo = parseAndVerifySignatureBlock(signingInfo, signedData);
- result.signers.add(signerInfo);
- if (result.containsErrors()) {
- return result;
- }
- }
-
- // Verify all subsequent signatures.
- for (V4Signature.SigningInfoBlock signingInfoBlock : signingInfos.signingInfoBlocks) {
- V4Signature.SigningInfo signingInfo = V4Signature.SigningInfo.fromByteArray(
- signingInfoBlock.signingInfo);
- final byte[] signedData = V4Signature.getSignedData(apk.size(), hashingInfo,
- signingInfo);
- result.signers.add(parseAndVerifySignatureBlock(signingInfo, signedData));
- if (result.containsErrors()) {
- return result;
- }
+ // First, verify the signature over signedData.
+ ApkSigningBlockUtils.Result.SignerInfo signerInfo = parseAndVerifySignatureBlock(
+ signingInfo, signedData);
+ result.signers.add(signerInfo);
+ if (result.containsErrors()) {
+ return result;
}
- // Check if the root hash and the tree are correct.
+ // Second, check if the root hash and the tree are correct.
verifyRootHashAndTree(apk, signerInfo, hashingInfo.rawRootHash, tree);
if (!result.containsErrors()) {
result.verified = true;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 21:42:31 +0000