replace decade old pyasn1 crypto impl with working asn1crypto
For some APKs, get_certificate() was returning a different result than
apksigner and keytool. So I just took the algorithm from androguard, which
uses asn1crypto instead of pyasn1. So that removes a dependency as well.
asn1crypto is already required by androguard.
The original get_certificate() came from 6e2d0a9e1
This commit is contained in:
parent
1445eb4b21
commit
fc0201525e
|
@ -54,16 +54,13 @@ from pathlib import Path
|
|||
|
||||
import defusedxml.ElementTree as XMLElementTree
|
||||
|
||||
from asn1crypto import cms
|
||||
from base64 import urlsafe_b64encode
|
||||
from binascii import hexlify
|
||||
from datetime import datetime, timedelta, timezone
|
||||
from queue import Queue
|
||||
from zipfile import ZipFile
|
||||
|
||||
from pyasn1.codec.der import decoder, encoder
|
||||
from pyasn1_modules import rfc2315
|
||||
from pyasn1.error import PyAsn1Error
|
||||
|
||||
import fdroidserver.metadata
|
||||
import fdroidserver.lint
|
||||
from fdroidserver import _
|
||||
|
@ -3895,6 +3892,7 @@ def get_certificate(signature_block_file):
|
|||
|
||||
This could be replaced by androguard's APK.get_certificate_der()
|
||||
provided the cert chain fix was merged there. Maybe in 4.1.2?
|
||||
https://github.com/androguard/androguard/pull/1038
|
||||
|
||||
Parameters
|
||||
----------
|
||||
|
@ -3908,18 +3906,8 @@ def get_certificate(signature_block_file):
|
|||
or None in case of error
|
||||
|
||||
"""
|
||||
content = decoder.decode(signature_block_file, asn1Spec=rfc2315.ContentInfo())[0]
|
||||
if content.getComponentByName('contentType') != rfc2315.signedData:
|
||||
return None
|
||||
content = decoder.decode(content.getComponentByName('content'),
|
||||
asn1Spec=rfc2315.SignedData())[0]
|
||||
try:
|
||||
certificates = content.getComponentByName('certificates')
|
||||
cert = certificates[-1].getComponentByName('certificate')
|
||||
except PyAsn1Error:
|
||||
logging.error("Certificates not found.")
|
||||
return None
|
||||
return encoder.encode(cert)
|
||||
pkcs7obj = cms.ContentInfo.load(signature_block_file)
|
||||
return pkcs7obj['content']['certificates'][-1].chosen.dump()
|
||||
|
||||
|
||||
def load_stats_fdroid_signing_key_fingerprints():
|
||||
|
|
3
setup.py
3
setup.py
|
@ -93,14 +93,13 @@ setup(
|
|||
install_requires=[
|
||||
'appdirs',
|
||||
'androguard >= 3.1.0, != 3.3.0, != 3.3.1, != 3.3.2, <4',
|
||||
'asn1crypto',
|
||||
'clint',
|
||||
'defusedxml',
|
||||
'GitPython',
|
||||
'paramiko',
|
||||
'Pillow',
|
||||
'apache-libcloud >= 0.14.1',
|
||||
'pyasn1 >=0.4.1',
|
||||
'pyasn1-modules >= 0.2.1',
|
||||
'python-vagrant',
|
||||
'PyYAML',
|
||||
'qrcode',
|
||||
|
|
Loading…
Reference in New Issue