Clean up imports, formatting and tests.

Bug: n/a
Test: atest libapkverify.test libapkverify.integration_test
Change-Id: I39686d17927741297aa3feb02ed6043ee770933b
diff --git a/apkverify/src/v3.rs b/apkverify/src/v3.rs
index d1f59c6..2f9ce94 100644
--- a/apkverify/src/v3.rs
+++ b/apkverify/src/v3.rs
@@ -21,11 +21,15 @@
 
 use anyhow::{anyhow, bail, Context, Result};
 use bytes::Bytes;
+use ring::signature::{
+    UnparsedPublicKey, VerificationAlgorithm, ECDSA_P256_SHA256_ASN1, RSA_PKCS1_2048_8192_SHA256,
+    RSA_PKCS1_2048_8192_SHA512, RSA_PSS_2048_8192_SHA256, RSA_PSS_2048_8192_SHA512,
+};
 use std::fs::File;
 use std::io::{Read, Seek};
 use std::ops::Range;
 use std::path::Path;
-use x509_parser::{prelude::FromDer, x509};
+use x509_parser::{parse_x509_certificate, prelude::FromDer, x509::SubjectPublicKeyInfo};
 
 use crate::bytes_ext::{BytesExt, LengthPrefixed, ReadFromBytes};
 use crate::sigutil::*;
@@ -45,7 +49,7 @@
     min_sdk: u32,
     max_sdk: u32,
     signatures: LengthPrefixed<Vec<LengthPrefixed<Signature>>>,
-    public_key: LengthPrefixed<SubjectPublicKeyInfo>,
+    public_key: LengthPrefixed<Bytes>,
 }
 
 impl Signer {
@@ -79,7 +83,6 @@
     digest: LengthPrefixed<Bytes>,
 }
 
-type SubjectPublicKeyInfo = Bytes;
 type X509Certificate = Bytes;
 type AdditionalAttributes = Bytes;
 
@@ -128,7 +131,7 @@
 
         // 2. Verify the corresponding signature from signatures against signed data using public key.
         //    (It is now safe to parse signed data.)
-        let (_, key_info) = x509::SubjectPublicKeyInfo::from_der(self.public_key.as_ref())?;
+        let (_, key_info) = SubjectPublicKeyInfo::from_der(self.public_key.as_ref())?;
         verify_signed_data(&self.signed_data, strongest, &key_info)?;
 
         // It is now safe to parse signed data.
@@ -172,7 +175,7 @@
         // 7. Verify that SubjectPublicKeyInfo of the first certificate of certificates is identical
         //    to public key.
         let cert = signed_data.certificates.first().context("No certificates listed")?;
-        let (_, cert) = x509_parser::parse_x509_certificate(cert.as_ref())?;
+        let (_, cert) = parse_x509_certificate(cert.as_ref())?;
         if cert.tbs_certificate.subject_pki != key_info {
             bail!("Public key mismatch between certificate and signature record");
         }
@@ -185,32 +188,28 @@
 fn verify_signed_data(
     data: &Bytes,
     signature: &Signature,
-    key_info: &x509::SubjectPublicKeyInfo,
+    key_info: &SubjectPublicKeyInfo,
 ) -> Result<()> {
-    use ring::signature;
-    let verification_alg: &dyn signature::VerificationAlgorithm =
-        match signature.signature_algorithm_id {
-            SIGNATURE_RSA_PSS_WITH_SHA256 => &signature::RSA_PSS_2048_8192_SHA256,
-            SIGNATURE_RSA_PSS_WITH_SHA512 => &signature::RSA_PSS_2048_8192_SHA512,
-            SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256 | SIGNATURE_VERITY_RSA_PKCS1_V1_5_WITH_SHA256 => {
-                &signature::RSA_PKCS1_2048_8192_SHA256
-            }
-            SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512 => &signature::RSA_PKCS1_2048_8192_SHA512,
-            SIGNATURE_ECDSA_WITH_SHA256 | SIGNATURE_VERITY_ECDSA_WITH_SHA256 => {
-                &signature::ECDSA_P256_SHA256_ASN1
-            }
-            // TODO(b/190343842) not implemented signature algorithm
-            SIGNATURE_ECDSA_WITH_SHA512
-            | SIGNATURE_DSA_WITH_SHA256
-            | SIGNATURE_VERITY_DSA_WITH_SHA256 => {
-                bail!(
-                    "TODO(b/190343842) not implemented signature algorithm: {:#x}",
-                    signature.signature_algorithm_id
-                );
-            }
-            _ => bail!("Unsupported signature algorithm: {:#x}", signature.signature_algorithm_id),
-        };
-    let key = signature::UnparsedPublicKey::new(verification_alg, &key_info.subject_public_key);
+    let verification_alg: &dyn VerificationAlgorithm = match signature.signature_algorithm_id {
+        SIGNATURE_RSA_PSS_WITH_SHA256 => &RSA_PSS_2048_8192_SHA256,
+        SIGNATURE_RSA_PSS_WITH_SHA512 => &RSA_PSS_2048_8192_SHA512,
+        SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256 | SIGNATURE_VERITY_RSA_PKCS1_V1_5_WITH_SHA256 => {
+            &RSA_PKCS1_2048_8192_SHA256
+        }
+        SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512 => &RSA_PKCS1_2048_8192_SHA512,
+        SIGNATURE_ECDSA_WITH_SHA256 | SIGNATURE_VERITY_ECDSA_WITH_SHA256 => &ECDSA_P256_SHA256_ASN1,
+        // TODO(b/190343842) not implemented signature algorithm
+        SIGNATURE_ECDSA_WITH_SHA512
+        | SIGNATURE_DSA_WITH_SHA256
+        | SIGNATURE_VERITY_DSA_WITH_SHA256 => {
+            bail!(
+                "TODO(b/190343842) not implemented signature algorithm: {:#x}",
+                signature.signature_algorithm_id
+            );
+        }
+        _ => bail!("Unsupported signature algorithm: {:#x}", signature.signature_algorithm_id),
+    };
+    let key = UnparsedPublicKey::new(verification_alg, &key_info.subject_public_key);
     key.verify(data.as_ref(), signature.signature.as_ref())?;
     Ok(())
 }