• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..--

READMED23-Mar-20243.5 KiB5947

one-signer-extra-cert-tag.xmlD23-Mar-20241.6 KiB64

one-signer-invalid-cert-index.xmlD23-Mar-2024834 53

one-signer-invalid-cert-key.xmlD23-Mar-2024833 53

one-signer-invalid-public-key-cert-key.xmlD23-Mar-2024834 53

one-signer-invalid-tag.xmlD23-Mar-2024854 64

one-signer-missing-cert-index.xmlD23-Mar-2024824 53

one-signer-missing-cert-key.xmlD23-Mar-202489 53

one-signer-missing-cert-tag.xmlD23-Mar-202460 42

one-signer-missing-scheme-version.xmlD23-Mar-2024816 53

one-signer-missing-sigs-count.xmlD23-Mar-2024824 53

one-signer-previous-cert.xmlD23-Mar-202489 53

one-signer.xmlD23-Mar-2024834 53

three-signers-in-lineage-invalid-pastSigs-count.xmlD23-Mar-20242.5 KiB108

three-signers-in-lineage-missing-pastSigs-cert-tag.xmlD23-Mar-20241.7 KiB97

three-signers-in-lineage-missing-pastSigs-count.xmlD23-Mar-20242.5 KiB108

three-signers-in-lineage-missing-scheme-version.xmlD23-Mar-20242.4 KiB108

three-signers-in-lineage.xmlD23-Mar-20242.5 KiB108

two-signers-in-lineage-invalid-certs-flags.xmlD23-Mar-20241.7 KiB97

two-signers-in-lineage-invalid-pastSigs-cert-index.xmlD23-Mar-20241.7 KiB97

two-signers-in-lineage-missing-certs-flags.xmlD23-Mar-20241.7 KiB97

two-signers-in-lineage-missing-pastSigs-cert-index.xmlD23-Mar-20241.7 KiB97

two-signers-in-lineage-multiple-pastSigs-tags.xmlD23-Mar-20242.6 KiB1311

two-signers-in-lineage-no-caps.xmlD23-Mar-20241.7 KiB97

two-signers-in-lineage-undefined-pastSigs-index.xmlD23-Mar-2024977 97

two-signers-in-lineage.xmlD23-Mar-20241.7 KiB97

two-signers-v1v2-missing-cert-tag.xmlD23-Mar-2024834 53

two-signers-v1v2.xmlD23-Mar-20241.6 KiB64

README

1The XML files in this directory are taken from the packages tag of a test APK signed with the
2certificates and keys under the certs/ directory. To recreate the XML files run the following:
3
41. Build the test APK:
5mmm -j cts/hostsidetests/appsecurity/test-apps/tinyapp/
6
72. Sign the APK with the first signer:
8apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
9 --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8
10
113. Install the APK on a device:
12adb install test.apk
13
144. Pull the packages.xml file containing the new entry for the APK from the device:
15adb pull /data/system/packages.xml
16
175. Search the packages.xml file for the package name 'android.appsecurity.cts.tinyapp'. Following is
18   the full entry when the APK is signed as above:
19
20    <package name="android.appsecurity.cts.tinyapp" codePath="/data/app/android.appsecurity.cts.tiny
21    app-4ix3umoWct_iD26jQ03Z_g==" nativeLibraryPath="/data/app/android.appsecurity.cts.tinyapp-4ix3u
22    moWct_iD26jQ03Z_g==/lib" publicFlags="805879364" privateFlags="0" ft="1663710dd00" it="1663710de
23    41" ut="1663710de41" version="10" userId="10051">
24        <sigs count="1" schemeVersion="3">
25            <cert index="16" key="3082016c30820111a003020102020900ca0fb64dfb66e772300a06082a8648ce3d
26            04030230123110300e06035504030c0765632d70323536301e170d3136303333313134353830365a170d3433
27            303831373134353830365a30123110300e06035504030c0765632d703235363059301306072a8648ce3d0201
28            06082a8648ce3d03010703420004a65f113d22cb4913908307ac31ee2ba0e9138b785fac6536d14ea2ce90d2
29            b4bfe194b50cdc8e169f54a73a991ef0fa76329825be078cc782740703da44b4d7eba350304e301d0603551d
30            0e04160414d4133568b95b30158b322071ea8c43ff5b05ccc8301f0603551d23041830168014d4133568b95b
31            30158b322071ea8c43ff5b05ccc8300c0603551d13040530030101ff300a06082a8648ce3d04030203490030
32            46022100f504a0866caef029f417142c5cb71354c79ffcd1d640618dfca4f19e16db78d6022100f8eea48297
33            99c06cad08c6d3d2d2ec05e0574154e747ea0fdbb8042cb655aadd" />
34        </sigs>
35        <proper-signing-keyset identifier="480" />
36    </package>
37
38The PackageSignatures#readXml and writeXml methods read and write everything within the sigs tag.
39The tags and attributes within the sigs tag can be modified and used to verify various good and
40error paths for the PackageSignaturesTest.
41
42Step 2 can be modified to sign with multiple signers by running one of the following commands:
43
44- To sign with two signers in the lineage (after the signing key has been rotated once):
45apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
46  --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \
47  certs/ec-p256_2.x509.der --key certs/ec-p256_2.pk8 --lineage certs/ec-p256-lineage-2-signers
48
49- To sign with three signers in the lineage (after the second key rotation):
50apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
51  --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \
52  certs/ec-p256_3.x509.der --key certs/ec-p256_3.pk8 --lineage certs/ec-p256-lineage-3-signers
53
54- To sign with two distinct signers (NOTE: The V3 signature scheme only supports a single signer,
55  so this method can only be used with signature schemes V1 and V2):
56apksigner sign --in ${OUT}/data/app/CtsPkgInstallTinyApp/CtsPkgInstallTinyApp.apk --out test.apk \
57  --cert certs/ec-p256.x509.der --key certs/ec-p256.pk8 --next-signer --cert \
58  certs/ec-p256_3.x509.der --key certs/ec-p256_3.pk8 --v3-signing-enabled false
59