Merge "[apkverify][test] Check public key extracted from apk is valid"
diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 5313a9b..76617e1 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs
@@ -85,9 +85,9 @@
/// Verifies APK Signature Scheme v3 signatures of the provided APK and returns the public key
/// associated with the signer in DER format.
-pub fn verify<P: AsRef<Path>>(path: P) -> Result<Box<[u8]>> {
- let f = File::open(path.as_ref())?;
- let mut sections = ApkSections::new(f)?;
+pub fn verify<P: AsRef<Path>>(apk_path: P) -> Result<Box<[u8]>> {
+ let apk = File::open(apk_path.as_ref())?;
+ let mut sections = ApkSections::new(apk)?;
find_signer_and_then(&mut sections, |(signer, sections)| signer.verify(sections))
}
@@ -116,9 +116,9 @@
}
/// Gets the public key (in DER format) that was used to sign the given APK/APEX file
-pub fn get_public_key_der<P: AsRef<Path>>(path: P) -> Result<Box<[u8]>> {
- let f = File::open(path.as_ref())?;
- let mut sections = ApkSections::new(f)?;
+pub fn get_public_key_der<P: AsRef<Path>>(apk_path: P) -> Result<Box<[u8]>> {
+ let apk = File::open(apk_path.as_ref())?;
+ let mut sections = ApkSections::new(apk)?;
find_signer_and_then(&mut sections, |(signer, _)| {
Ok(signer.public_key.to_vec().into_boxed_slice())
})
diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index d7b1dc2..03cb4bb 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-use apkverify::{testing::assert_contains, verify};
+use apkverify::{get_public_key_der, testing::assert_contains, verify};
use std::{fs, matches, path::Path};
const KEY_NAMES_DSA: &[&str] = &["1024", "2048", "3072"];
@@ -208,6 +208,10 @@
expected_public_key_path
);
- // TODO(b/239534874): Validates public key extracted directly from apk
+ // Validates public key extracted directly from apk
// (without verification) == expected public key.
+ let public_key_from_apk = get_public_key_der(apk_path.as_ref());
+ let public_key_from_apk =
+ public_key_from_apk.expect("Error when extracting public key from apk");
+ assert_eq!(expected_public_key, public_key_from_apk.as_ref(), "{}", expected_public_key_path);
}