replace decade old pyasn1 crypto impl with working asn1crypto

For some APKs, get_certificate() was returning a different result than apksigner and keytool. So I just took the algorithm from androguard, which uses asn1crypto instead of pyasn1. So that removes a dependency as well. asn1crypto is already required by androguard. The original get_certificate() came from 6e2d0a9e1
2024-11-13 02:30:11 +01:00 · 2024-04-29 12:31:06 +02:00 · 2024-04-29 12:31:06 +02:00 · 93f361c623
commit 93f361c623
parent 4666330a4d
2 changed files with 4 additions and 18 deletions
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@ -54,16 +54,13 @@ from pathlib import Path

 import defusedxml.ElementTree as XMLElementTree

+from asn1crypto import cms
 from base64 import urlsafe_b64encode
 from binascii import hexlify
 from datetime import datetime, timedelta, timezone
 from queue import Queue
 from zipfile import ZipFile

-from pyasn1.codec.der import decoder, encoder
-from pyasn1_modules import rfc2315
-from pyasn1.error import PyAsn1Error
-
 import fdroidserver.metadata
 import fdroidserver.lint
 from fdroidserver import _
@ -3908,18 +3905,8 @@ def get_certificate(signature_block_file):
    or None in case of error

    """
-    content = decoder.decode(signature_block_file, asn1Spec=rfc2315.ContentInfo())[0]
-    if content.getComponentByName('contentType') != rfc2315.signedData:
-        return None
-    content = decoder.decode(content.getComponentByName('content'),
-                             asn1Spec=rfc2315.SignedData())[0]
-    try:
-        certificates = content.getComponentByName('certificates')
-        cert = certificates[0].getComponentByName('certificate')
-    except PyAsn1Error:
-        logging.error("Certificates not found.")
-        return None
-    return encoder.encode(cert)
+    pkcs7obj = cms.ContentInfo.load(signature_block_file)
+    return pkcs7obj['content']['certificates'][0].chosen.dump()


 def load_stats_fdroid_signing_key_fingerprints():
--- a/setup.py
+++ b/setup.py
@ -93,14 +93,13 @@ setup(
    install_requires=[
        'appdirs',
        'androguard >= 3.3.5',
+        'asn1crypto',
        'clint',
        'defusedxml',
        'GitPython',
        'paramiko',
        'Pillow',
        'apache-libcloud >= 0.14.1',
-        'pyasn1 >=0.4.1',
-        'pyasn1-modules >= 0.2.1',
        'python-vagrant',
        'PyYAML',
        'qrcode',