commit 22b374c65876cb0c19b80c4d0b2f52147b31f931
author Treehugger Robot <treehugger-gerrit@google.com> Mon Sep 19 11:01:36 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Sep 19 11:01:36 2022 +0000
tree cdbde5581b536e36924e3d8beaa77c6e3b3cb6a4
parent ee1cedc68023a7dc3a05b150ef68a3f864412903
parent 3c01662aa7746e450132bdf124b0476a3000c4ec

Merge "[apkverify][test] Check public key extracted from apk is valid"

libs/apkverify/src/v3.rs

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 5313a9b..76617e1 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -85,9 +85,9 @@
 
 /// Verifies APK Signature Scheme v3 signatures of the provided APK and returns the public key
 /// associated with the signer in DER format.
-pub fn verify<P: AsRef<Path>>(path: P) -> Result<Box<[u8]>> {
-    let f = File::open(path.as_ref())?;
-    let mut sections = ApkSections::new(f)?;
+pub fn verify<P: AsRef<Path>>(apk_path: P) -> Result<Box<[u8]>> {
+    let apk = File::open(apk_path.as_ref())?;
+    let mut sections = ApkSections::new(apk)?;
     find_signer_and_then(&mut sections, |(signer, sections)| signer.verify(sections))
 }
 
@@ -116,9 +116,9 @@
 }
 
 /// Gets the public key (in DER format) that was used to sign the given APK/APEX file
-pub fn get_public_key_der<P: AsRef<Path>>(path: P) -> Result<Box<[u8]>> {
-    let f = File::open(path.as_ref())?;
-    let mut sections = ApkSections::new(f)?;
+pub fn get_public_key_der<P: AsRef<Path>>(apk_path: P) -> Result<Box<[u8]>> {
+    let apk = File::open(apk_path.as_ref())?;
+    let mut sections = ApkSections::new(apk)?;
     find_signer_and_then(&mut sections, |(signer, _)| {
         Ok(signer.public_key.to_vec().into_boxed_slice())
     })

libs/apkverify/tests/apkverify_test.rs

diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index d7b1dc2..03cb4bb 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-use apkverify::{testing::assert_contains, verify};
+use apkverify::{get_public_key_der, testing::assert_contains, verify};
 use std::{fs, matches, path::Path};
 
 const KEY_NAMES_DSA: &[&str] = &["1024", "2048", "3072"];
@@ -208,6 +208,10 @@
         expected_public_key_path
     );
 
-    // TODO(b/239534874): Validates public key extracted directly from apk
+    // Validates public key extracted directly from apk
     // (without verification) == expected public key.
+    let public_key_from_apk = get_public_key_der(apk_path.as_ref());
+    let public_key_from_apk =
+        public_key_from_apk.expect("Error when extracting public key from apk");
+    assert_eq!(expected_public_key, public_key_from_apk.as_ref(), "{}", expected_public_key_path);
 }