Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use SHA256 digests when signing AAB files #85

Merged
merged 1 commit into from Nov 29, 2022
Merged

Use SHA256 digests when signing AAB files #85

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions keystore/keystore.go
View file
Open in desktop
Expand Up @@ -116,8 +116,8 @@ func (helper Helper) createSignCmd(buildArtifactPth, destBuildArtifactPth, priva
}
split = strings.Split(split[1], "and")

signingAlgorithm := "SHA1with" + split[0]
digestAlgorithm := "SHA1"
signingAlgorithm := "SHA256with" + split[0]
digestAlgorithm := "SHA-256"

cmdSlice := []string{
jarsigner,
Expand Down
14 changes: 7 additions & 7 deletions keystore/keystore_test.go
View file
Open in desktop
Expand Up @@ -8,15 +8,15 @@ import (
)

func TestCreateSignCmd(t *testing.T) {
t.Log("signature algorithm: SHA1withRSA")
t.Log("signature algorithm: SHA256withRSA")
{
apkPth := "android.apk"
destApkPth := "android-signed.apk"
keystorePath := "keystore.jks"
keystorePassword := "pass"
alias := "alias"
keypassword := "keypass"
signatureAlgorithm := "SHA1withRSA"
signatureAlgorithm := "SHA256withRSA"

keystore := Helper{
keystorePth: keystorePath,
Expand All @@ -30,7 +30,7 @@ func TestCreateSignCmd(t *testing.T) {
require.Equal(t, 17, len(cmdSlice))

actual := strings.Join(cmdSlice, " ")
expected := jarsigner + " -sigfile CERT -sigalg SHA1withRSA -digestalg SHA1 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
expected := jarsigner + " -sigfile CERT -sigalg SHA256withRSA -digestalg SHA-256 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
require.Equal(t, expected, actual)
}

Expand All @@ -56,7 +56,7 @@ func TestCreateSignCmd(t *testing.T) {
require.Equal(t, 17, len(cmdSlice))

actual := strings.Join(cmdSlice, " ")
expected := jarsigner + " -sigfile CERT -sigalg SHA1withRSA -digestalg SHA1 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
expected := jarsigner + " -sigfile CERT -sigalg SHA256withRSA -digestalg SHA-256 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
require.Equal(t, expected, actual)
}

Expand All @@ -82,7 +82,7 @@ func TestCreateSignCmd(t *testing.T) {
require.Equal(t, 17, len(cmdSlice))

actual := strings.Join(cmdSlice, " ")
expected := jarsigner + " -sigfile CERT -sigalg SHA1withRSA -digestalg SHA1 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
expected := jarsigner + " -sigfile CERT -sigalg SHA256withRSA -digestalg SHA-256 -keystore keystore.jks -storepass pass -keypass keypass -signedjar android-signed.apk android.apk alias"
require.Equal(t, expected, actual)
}
}
Expand All @@ -100,10 +100,10 @@ Valid from: Thu Jun 02 19:56:20 CEST 2016 until: Mon May 27 19:56:20 CEST 2041
Certificate fingerprints:
MD5: CA:30:61:CB:AD:70:03:73:C7:FD:91:A4:9C:FB:92:F9
SHA1: 66:C3:60:5B:B8:0B:B0:2C:AE:C5:54:72:B6:B2:D6:18:99:FB:70:9F
Signature algorithm name: SHA1withRSA (Weak)
Signature algorithm name: SHA256withRSA
Version: 3
`
signatureAlgorithm, err := findSignatureAlgorithm(keystoreData)
require.NoError(t, err)
require.Equal(t, "SHA1withRSA", signatureAlgorithm)
require.Equal(t, "SHA256withRSA", signatureAlgorithm)
}