Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 3c01662aa7746e450132bdf124b0476a3000c4ec^! / .
commit3c01662aa7746e450132bdf124b0476a3000c4ec[log] [tgz]
authorAlice Wang <aliceywang@google.com>Mon Sep 19 09:08:27 2022 +0000
committerAlice Wang <aliceywang@google.com>Mon Sep 19 09:17:45 2022 +0000
tree8c5e6c136a7f1e8a222f025b75ce64bdebac0942
parent78b6e425e508a683b0b83cb1c9e11f94084d1a9d [diff]
[apkverify][test] Check public key extracted from apk is valid

This CL checks that the public key extracted directly from apk
(without verification) is valid. So that after this cl, the
integration tests will check

public key from verification ==
public key extracted from apk without verification ==
expected public key

Bug: 239534874
Test: libapkverify.integration_test
Change-Id: I3f8a826bf17e74404788c224afcc8d6fc17b5b81

diff --git a/libs/apkverify/src/v3.rs b/libs/apkverify/src/v3.rs
index 5313a9b..76617e1 100644
--- a/libs/apkverify/src/v3.rs
+++ b/libs/apkverify/src/v3.rs

@@ -85,9 +85,9 @@
 
 /// Verifies APK Signature Scheme v3 signatures of the provided APK and returns the public key
 /// associated with the signer in DER format.
-pub fn verify<P: AsRef<Path>>(path: P) -> Result<Box<[u8]>> {
-    let f = File::open(path.as_ref())?;
-    let mut sections = ApkSections::new(f)?;
+pub fn verify<P: AsRef<Path>>(apk_path: P) -> Result<Box<[u8]>> {
+    let apk = File::open(apk_path.as_ref())?;
+    let mut sections = ApkSections::new(apk)?;
     find_signer_and_then(&mut sections, |(signer, sections)| signer.verify(sections))
 }
 
@@ -116,9 +116,9 @@
 }
 
 /// Gets the public key (in DER format) that was used to sign the given APK/APEX file
-pub fn get_public_key_der<P: AsRef<Path>>(path: P) -> Result<Box<[u8]>> {
-    let f = File::open(path.as_ref())?;
-    let mut sections = ApkSections::new(f)?;
+pub fn get_public_key_der<P: AsRef<Path>>(apk_path: P) -> Result<Box<[u8]>> {
+    let apk = File::open(apk_path.as_ref())?;
+    let mut sections = ApkSections::new(apk)?;
     find_signer_and_then(&mut sections, |(signer, _)| {
         Ok(signer.public_key.to_vec().into_boxed_slice())
     })

diff --git a/libs/apkverify/tests/apkverify_test.rs b/libs/apkverify/tests/apkverify_test.rs
index d7b1dc2..03cb4bb 100644
--- a/libs/apkverify/tests/apkverify_test.rs
+++ b/libs/apkverify/tests/apkverify_test.rs

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-use apkverify::{testing::assert_contains, verify};
+use apkverify::{get_public_key_der, testing::assert_contains, verify};
 use std::{fs, matches, path::Path};
 
 const KEY_NAMES_DSA: &[&str] = &["1024", "2048", "3072"];
@@ -208,6 +208,10 @@
         expected_public_key_path
     );
 
-    // TODO(b/239534874): Validates public key extracted directly from apk
+    // Validates public key extracted directly from apk
     // (without verification) == expected public key.
+    let public_key_from_apk = get_public_key_der(apk_path.as_ref());
+    let public_key_from_apk =
+        public_key_from_apk.expect("Error when extracting public key from apk");
+    assert_eq!(expected_public_key, public_key_from_apk.as_ref(), "{}", expected_public_key_path);
 }