diff options
| author | Alex Klyubin <klyubin@google.com> | 2016-07-15 18:01:06 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2016-07-15 18:50:04 -0700 |
| commit | ddde3e18b22acdaecb883794f5c8e21f0b87bf2f (patch) | |
| tree | b6ac34057fca807b4799ebaec9acbc2326c8b7de /annotations/generate_annotated_java_files.py | |
| parent | d2e78a951c29949bc1cbb691c42ea4202340f138 (diff) | |
Retain original encoded form in certs returned by PKCS7.
This changes sun.security.pkcs.PKCS7 so that the X509Certificate
instances it returns provide the original encoded form of the
certificate via Certificate.getEncoded. Prior to this change,
Certificate.getEncoded of these instances returned the DER form
of the certificate.
Returning the DER form is normally a good idea, but causes trouble
when this sun.security.pkcs.PKCS7 is used for parsing APKs' JAR
signatures. The way Android works is that an APK is permitted to be
updated only if the encoded form of the update's signing certificate
is exactly the same as the one of the already installed version of the
APK. Some APKs use signing certificates which are not DER-encoded,
which will lead to updates of such APKs to be rejected without this
fix.
Bug: 30148997
Change-Id: I44edc63d4923f8fb4f8f7a087611a7496137db52
Diffstat (limited to 'annotations/generate_annotated_java_files.py')
0 files changed, 0 insertions, 0 deletions