Commit b0d43800 authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Retain original encoded form in certs returned by PKCS7.

This changes sun.security.pkcs.PKCS7 so that the X509Certificate
instances it returns provide the original encoded form of the
certificate via Certificate.getEncoded. Prior to this change,
Certificate.getEncoded of these instances returned the DER form
of the certificate.

Returning the DER form is normally a good idea, but causes trouble
when this sun.security.pkcs.PKCS7 is used for parsing APKs' JAR
signatures. The way Android works is that an APK is permitted to be
updated only if the encoded form of the update's signing certificate
is exactly the same as the one of the already installed version of the
APK. Some APKs use signing certificates which are not DER-encoded,
which will lead to updates of such APKs to be rejected without this
fix.

Bug: 30148997

(cherry picked from commit ddde3e18)

Change-Id: I2ee92be6d8cbf039a51087006f17ae03e0b0ce51
parent c186ac17
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment