Google Git
Sign in
android / platform / tools / apksig / refs/tags/android-cts-11.0_r1^1..refs/tags/android-cts-11.0_r1 / .
commitfdd4d6e88a25b47687a54818e05e7a42ea80afbd[log] [tgz]
authorandroid-build-team Robot <android-build-team-robot@google.com>Sat Jul 18 01:14:02 2020 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>Sat Jul 18 01:14:02 2020 +0000
tree0a8a3e5e28788779d8d260c4835659e1d2c8750b
parent9d81aa5a3ddf8650baaf8aa7c64d1bc1b58fb31c [diff]
parent79142cc90af1ccae85318cff844393113d261096 [diff]
Snap for 6690197 from 79142cc90af1ccae85318cff844393113d261096 to rvc-release

Change-Id: I6a34390c2a43bb1dc7215a6c186bb87db0b3e833

diff --git a/Android.bp b/Android.bp
index 89654a6..c46629f 100644
--- a/Android.bp
+++ b/Android.bp

@@ -31,5 +31,9 @@
     java_resource_dirs: ["src/apksigner/java"],
     wrapper: "etc/apksigner",
     manifest: "src/apksigner/apksigner.mf",
-    static_libs: ["apksig"],
+    static_libs: [
+        "apksig",
+        "conscrypt-unbundled",
+    ],
+    required: ["libconscrypt_openjdk_jni"],
 }

diff --git a/etc/apksigner b/etc/apksigner
index 11a7529..d13afc4 100755
--- a/etc/apksigner
+++ b/etc/apksigner

@@ -46,6 +46,8 @@
 if [ ! -r "$libdir/$jarfile" ]; then
     # set apksigner.jar location for the Android tree case
     libdir=`dirname "$progdir"`/framework
+    # also include the library directory for any provider native libraries
+    providerLibdir=`dirname "$progdir"`/lib64
 fi
 
 if [ ! -r "$libdir/$jarfile" ]; then
@@ -71,6 +73,8 @@
     javaOpts="${javaOpts} -${opt}"
     if expr "x${opt}" : "xXmx[0-9]" >/dev/null; then
         defaultMx="no"
+    elif expr "x${opt}" : "xDjava.library.path=" >/dev/null; then
+        defaultLibdir="no"
     fi
     shift
 done
@@ -79,6 +83,10 @@
     javaOpts="${javaOpts} ${defaultMx}"
 fi
 
+if [ "${defaultLibdir}" != "no" ] && [ -n $providerLibdir ]; then
+    javaOpts="${javaOpts} -Djava.library.path=$providerLibdir"
+fi
+
 if [ "$OSTYPE" = "cygwin" ]; then
     # For Cygwin, convert the jarfile path into native Windows style.
     jarpath=`cygpath -w "$libdir/$jarfile"`

diff --git a/src/apksigner/java/com/android/apksigner/ApkSignerTool.java b/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
index 5783518..2f4e680 100644
--- a/src/apksigner/java/com/android/apksigner/ApkSignerTool.java
+++ b/src/apksigner/java/com/android/apksigner/ApkSignerTool.java

@@ -25,6 +25,8 @@
 import com.android.apksig.util.DataSource;
 import com.android.apksig.util.DataSources;
 
+import org.conscrypt.OpenSSLProvider;
+
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
@@ -78,6 +80,8 @@
             return;
         }
 
+        addProviders();
+
         String cmd = params[0];
         try {
             if ("sign".equals(cmd)) {
@@ -109,6 +113,19 @@
         }
     }
 
+    /**
+     * Adds additional security providers to add support for signature algorithms not covered by
+     * the default providers.
+     */
+    private static void addProviders() {
+        try {
+            Security.addProvider(new OpenSSLProvider());
+        } catch (UnsatisfiedLinkError e) {
+            // This is expected if the library path does not include the native conscrypt library;
+            // the default providers support all but PSS algorithms.
+        }
+    }
+
     private static void sign(String[] params) throws Exception {
         if (params.length == 0) {
             printUsage(HELP_PAGE_SIGN);