From 6f5fd2b132f73995740c0255602ba3dab5791039 Mon Sep 17 00:00:00 2001
From: "FC (Fay) Stegerman" <flx@obfusk.net>
Date: Tue, 9 Apr 2024 11:19:21 +0200
Subject: [PATCH] PoC + writeup + patch

https://github.com/obfusk/fdroid-fakesigner-poc/blob/6c6dc25112a8b28a3802b6cba2921d7b91dac59e/fdroidserver.patch#L28

https://github.com/androguard/androguard/issues/1030
refs #1128

(this is an excerpt of the original patch)
---
 fdroidserver/common.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index d6b85843..e9c7ad92 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -3179,6 +3179,12 @@ def signer_fingerprint(cert_encoded):
 
 def get_first_signer_certificate(apkpath):
     """Get the first signing certificate from the APK, DER-encoded."""
+
+    class NoOverwriteDict(dict):
+        def __setitem__(self, k, v):
+            if k not in self:
+                super().__setitem__(k, v)
+
     cert_encoded_v1 = None
     cert_encoded_v2 = None
     cert_encoded_v3 = None
@@ -3191,6 +3197,7 @@ def get_first_signer_certificate(apkpath):
             cert_encoded_v1 = get_certificate(apk.read(certs_v1[0]))
 
     apkobject = get_androguard_APK(apkpath)
+    apkobject._v2_blocks = NoOverwriteDict()
     certs_v2 = apkobject.get_certificates_der_v2()
     if len(certs_v2) > 0:
         logging.debug(_('Using APK Signature v2'))