Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / f27626ad70300494a6f90254b8c57206d112afe9^! / . / libs / apkverify / src / v4.rs
commitf27626ad70300494a6f90254b8c57206d112afe9[log] [tgz]
authorAlice Wang <aliceywang@google.com>Tue Sep 27 12:36:22 2022 +0000
committerAlice Wang <aliceywang@google.com>Tue Sep 27 17:56:28 2022 +0000
tree086799fcdc69e16e27d6c9f6317d8e5fa684bfba
parent39915e965d81d4ba91c2e3bf6384d11b43df21a5 [diff] [blame]
[apk_digest] Move the logic of extracting v4 digest to v4 module

Bug: 248999133
Test: libapkverify.integration_test
Change-Id: Ib0424bef92708de8b2a9f9d9bfa53bce69f971c8

diff --git a/libs/apkverify/src/v4.rs b/libs/apkverify/src/v4.rs
index d0522a7..9012479 100644
--- a/libs/apkverify/src/v4.rs
+++ b/libs/apkverify/src/v4.rs

@@ -18,7 +18,7 @@
 //!
 //! [v4]: https://source.android.com/security/apksigning/v4
 
-use anyhow::{ensure, Result};
+use anyhow::{ensure, Context, Result};
 use std::io::{Read, Seek};
 
 use crate::algorithms::SignatureAlgorithmID;
@@ -34,13 +34,17 @@
     verify: bool,
 ) -> Result<(SignatureAlgorithmID, Box<[u8]>)> {
     let (signer, mut sections) = extract_signer_and_apk_sections(apk)?;
-    let (signature_algorithm_id, extracted_digest) = signer.pick_v4_apk_digest()?;
+    let strongest_algorithm_id = signer
+        .strongest_signature()?
+        .signature_algorithm_id
+        .context("Strongest signature should contain a valid signature algorithm.")?;
+    let extracted_digest = signer.find_digest_by_algorithm(strongest_algorithm_id)?;
     if verify {
-        let computed_digest = sections.compute_digest(signature_algorithm_id)?;
+        let computed_digest = sections.compute_digest(strongest_algorithm_id)?;
         ensure!(
             computed_digest == extracted_digest.as_ref(),
             "Computed digest does not match the extracted digest."
         );
     }
-    Ok((signature_algorithm_id, extracted_digest))
+    Ok((strongest_algorithm_id, extracted_digest))
 }