diff options
| author | Alex Klyubin <klyubin@google.com> | 2016-07-19 12:57:19 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2016-07-19 12:57:57 -0700 |
| commit | b0d4380094f020749b77df93bf9d11b6fda8d483 (patch) | |
| tree | acfe580b52b34a6a621b85544882b961d0cd221e /include/ScopedJavaUnicodeString.h | |
| parent | c186ac174a8b3ec66c0f9e742a4c796d32d4c320 (diff) | |
Retain original encoded form in certs returned by PKCS7.
This changes sun.security.pkcs.PKCS7 so that the X509Certificate
instances it returns provide the original encoded form of the
certificate via Certificate.getEncoded. Prior to this change,
Certificate.getEncoded of these instances returned the DER form
of the certificate.
Returning the DER form is normally a good idea, but causes trouble
when this sun.security.pkcs.PKCS7 is used for parsing APKs' JAR
signatures. The way Android works is that an APK is permitted to be
updated only if the encoded form of the update's signing certificate
is exactly the same as the one of the already installed version of the
APK. Some APKs use signing certificates which are not DER-encoded,
which will lead to updates of such APKs to be rejected without this
fix.
Bug: 30148997
(cherry picked from commit ddde3e18b22acdaecb883794f5c8e21f0b87bf2f)
Change-Id: I2ee92be6d8cbf039a51087006f17ae03e0b0ce51
Diffstat (limited to 'include/ScopedJavaUnicodeString.h')
0 files changed, 0 insertions, 0 deletions