kamp/fdroidserver
1
0
Fork 0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-14 02:50:12 +01:00
Code Activity

get_first_signer_certificate: check all v1 v2 and v3 certs

Browse Source
This commit is contained in:
linsui 2024-04-08 14:57:28 +08:00 committed by Hans-Christoph Steiner
parent 93f361c623
commit 2fea71a6c7
1 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
fdroidserver/common.py
View File

@ -3179,31 +3179,39 @@ def signer_fingerprint(cert_encoded):
def get_first_signer_certificate(apkpath): def get_first_signer_certificate(apkpath):
"""Get the first signing certificate from the APK, DER-encoded.""" """Get the first signing certificate from the APK, DER-encoded."""
certs = None cert_encoded_v1 = None
cert_encoded = None cert_encoded_v2 = None
cert_encoded_v3 = None
with zipfile.ZipFile(apkpath, 'r') as apk: with zipfile.ZipFile(apkpath, 'r') as apk:
cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)] certs_v1 = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
if len(cert_files) > 1: if len(certs_v1) > 1:
logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath)) logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
return None return None
elif len(cert_files) == 1: elif len(certs_v1) == 1:
cert_encoded = get_certificate(apk.read(cert_files[0])) cert_encoded_v1 = get_certificate(apk.read(certs_v1[0]))
if not cert_encoded: if True
apkobject = get_androguard_APK(apkpath) apkobject = get_androguard_APK(apkpath)
certs = apkobject.get_certificates_der_v2() certs_v2 = apkobject.get_certificates_der_v2()
if len(certs) > 0: if len(certs_v2) > 0:
logging.debug(_('Using APK Signature v2')) logging.debug(_('Using APK Signature v2'))
cert_encoded = certs[0] cert_encoded_v2 = certs_v2[0]
if not cert_encoded:
certs = apkobject.get_certificates_der_v3()
if len(certs) > 0:
logging.debug(_('Using APK Signature v3'))
cert_encoded = certs[0]
certs_v3 = apkobject.get_certificates_der_v3()
if len(certs_v3) > 0:
logging.debug(_('Using APK Signature v3'))
cert_encoded_v3 = certs_v3[0]
cert_encoded = cert_encoded_v3 or cert_encoded_v2 or cert_encoded_v1
if not cert_encoded: if not cert_encoded:
logging.error(_("No signing certificates found in {path}").format(path=apkpath)) logging.error(_("No signing certificates found in {path}").format(path=apkpath))
return None return None
if (
(cert_encoded_v2 and cert_encoded_v2 != cert_encoded)
or (cert_encoded_v1 and cert_encoded_v1 != cert_encoded)
):
logging.error(_("Different certificates found in {path}").format(path=apkpath))
return None
return cert_encoded return cert_encoded