Using SHA256 instead of SHA1 (#85)

bitrise-steplib · Nov 29, 2022 · 8c96369 · 8c96369
1 parent 9962288
commit 8c96369
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/keystore/keystore.go b/keystore/keystore.go
@@ -116,8 +116,8 @@ func (helper Helper) createSignCmd(buildArtifactPth, destBuildArtifactPth, priva
 	}
 	split = strings.Split(split[1], "and")
 
-	signingAlgorithm := "SHA1with" + split[0]
-	digestAlgorithm := "SHA1"
+	signingAlgorithm := "SHA256with" + split[0]
+	digestAlgorithm := "SHA-256"
 
 	cmdSlice := []string{
 		jarsigner,

diff --git a/keystore/keystore_test.go b/keystore/keystore_test.go
@@ -8,15 +8,15 @@ import (
 )
 
 func TestCreateSignCmd(t *testing.T) {
-	t.Log("signature algorithm: SHA1withRSA")
+	t.Log("signature algorithm: SHA256withRSA")
 	{
 		apkPth := "android.apk"
 		destApkPth := "android-signed.apk"
 		keystorePath := "keystore.jks"
 		keystorePassword := "pass"
 		alias := "alias"
 		keypassword := "keypass"
-		signatureAlgorithm := "SHA1withRSA"
+		signatureAlgorithm := "SHA256withRSA"
 
 		keystore := Helper{
 			keystorePth:        keystorePath,
@@ -30,7 +30,7 @@ func TestCreateSignCmd(t *testing.T) {
 		require.Equal(t, 17, len(cmdSlice))
 
 		actual := strings.Join(cmdSlice, " ")
-		expected := jarsigner + " -sigfile CERT -sigalg SHA1withRSA -digestalg SHA1 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
+		expected := jarsigner + " -sigfile CERT -sigalg SHA256withRSA -digestalg SHA-256 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
 		require.Equal(t, expected, actual)
 	}
 
@@ -56,7 +56,7 @@ func TestCreateSignCmd(t *testing.T) {
 		require.Equal(t, 17, len(cmdSlice))
 
 		actual := strings.Join(cmdSlice, " ")
-		expected := jarsigner + " -sigfile CERT -sigalg SHA1withRSA -digestalg SHA1 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
+		expected := jarsigner + " -sigfile CERT -sigalg SHA256withRSA -digestalg SHA-256 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
 		require.Equal(t, expected, actual)
 	}
 
@@ -82,7 +82,7 @@ func TestCreateSignCmd(t *testing.T) {
 		require.Equal(t, 17, len(cmdSlice))
 
 		actual := strings.Join(cmdSlice, " ")
-		expected := jarsigner + " -sigfile CERT -sigalg SHA1withRSA -digestalg SHA1 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
+		expected := jarsigner + " -sigfile CERT -sigalg SHA256withRSA -digestalg SHA-256 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
 		require.Equal(t, expected, actual)
 	}
 }
@@ -100,10 +100,10 @@ Valid from: Thu Jun 02 19:56:20 CEST 2016 until: Mon May 27 19:56:20 CEST 2041
 Certificate fingerprints:
 	 MD5:  CA:30:61:CB:AD:70:03:73:C7:FD:91:A4:9C:FB:92:F9
 	 SHA1: 66:C3:60:5B:B8:0B:B0:2C:AE:C5:54:72:B6:B2:D6:18:99:FB:70:9F
-	 Signature algorithm name: SHA1withRSA (Weak)
+	 Signature algorithm name: SHA256withRSA
 	 Version: 3
 `
 	signatureAlgorithm, err := findSignatureAlgorithm(keystoreData)
 	require.NoError(t, err)
-	require.Equal(t, "SHA1withRSA", signatureAlgorithm)
+	require.Equal(t, "SHA256withRSA", signatureAlgorithm)
 }