From 57a00938a023ca75857a56260922543bfd46e440 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Fri, 3 Aug 2018 14:41:59 +0200
Subject: [PATCH] fix broken index.jar signing for swap repos Broken in the switch to bouncycastle: 5c6c54cadfa8511296b8f7374b113c4e26b7b3a4
---
 .../optional/SignatureBlockGenerator.java | 4 +-
 .../localrepo/LocalRepoKeyStoreTest.java | 57 +++++++++++++++++++
 2 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 app/src/testFull/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStoreTest.java
diff --git a/app/src/full/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java b/app/src/full/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java
index 197cefa44..b7b89d6b2 100644
--- a/app/src/full/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java
+++ b/app/src/full/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java
@@ -38,10 +38,10 @@ public class SignatureBlockGenerator {
 CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(keySet.getSignatureAlgorithm()).setProvider("SC");
+ JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(keySet.getSignatureAlgorithm()).setProvider("BC");
 ContentSigner sha1Signer = jcaContentSignerBuilder.build(keySet.getPrivateKey());
- JcaDigestCalculatorProviderBuilder jcaDigestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder().setProvider("SC");
+ JcaDigestCalculatorProviderBuilder jcaDigestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder().setProvider("BC");
 DigestCalculatorProvider digestCalculatorProvider = jcaDigestCalculatorProviderBuilder.build();
 JcaSignerInfoGeneratorBuilder jcaSignerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digestCalculatorProvider);
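Review bot: Both `setProvider("BC")` calls resolve the provider by name, so which implementation signs index.jar depends on whatever is registered as "BC" in the running process. Android registers its own reduced BouncyCastle under that name, and the hunk does not show whether the app installs its bundled copy ahead of it. Passing a shared instance, e.g. `.setProvider(new BouncyCastleProvider())`, or at least `BouncyCastleProvider.PROVIDER_NAME` instead of the repeated literal, would pin the signer and the digest calculator to the library the app ships. The enclosing method starts and ends outside the hunk.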
diff --git a/app/src/testFull/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStoreTest.java b/app/src/testFull/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStoreTest.java
new file mode 100644
index 000000000..e45d48783
--- /dev/null
+++ b/app/src/testFull/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStoreTest.java
@@ -0,0 +1,57 @@
+package org.fdroid.fdroid.localrepo;
+
+import android.content.Context;
+import android.text.TextUtils;
+import org.apache.commons.io.IOUtils;
+import org.fdroid.fdroid.RepoUpdater;
+import org.fdroid.fdroid.Utils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.RuntimeEnvironment;
+
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.Certificate;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.jar.JarOutputStream;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+@RunWith(RobolectricTestRunner.class)
+public class LocalRepoKeyStoreTest {
+
+ @Test
+ public void testSignZip() throws IOException, LocalRepoKeyStore.InitException, RepoUpdater.SigningException {
+ Context context = RuntimeEnvironment.application;
+
+ File xmlIndexJarUnsigned = File.createTempFile(getClass().getName(), "unsigned.jar");
+ BufferedOutputStream bo = new BufferedOutputStream(new FileOutputStream(xmlIndexJarUnsigned));
+ JarOutputStream jo = new JarOutputStream(bo);
+ JarEntry je = new JarEntry(RepoUpdater.DATA_FILE_NAME);
+ jo.putNextEntry(je);
+ InputStream inputStream = getClass().getClassLoader().getResourceAsStream("smallRepo.xml");
+ IOUtils.copy(inputStream, jo);
+ jo.close();
+ bo.close();
+
+ LocalRepoKeyStore localRepoKeyStore = LocalRepoKeyStore.get(context);
+ Certificate localCert = localRepoKeyStore.getCertificate();
+ assertFalse(TextUtils.isEmpty(Utils.calcFingerprint(localCert)));
+
+ File xmlIndexJar = File.createTempFile(getClass().getName(), RepoUpdater.SIGNED_FILE_NAME);
+ localRepoKeyStore.signZip(xmlIndexJarUnsigned, xmlIndexJar);
+
+ JarFile jarFile = new JarFile(xmlIndexJar, true);
+ JarEntry indexEntry = (JarEntry) jarFile.getEntry(RepoUpdater.DATA_FILE_NAME);
+ byte[] data = IOUtils.toByteArray(jarFile.getInputStream(indexEntry));
+ assertEquals(17187, data.length);
+ assertNotNull(RepoUpdater.getSigningCertFromJar(indexEntry));
+ }
+}
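Review bot: The final assertion, `assertNotNull(RepoUpdater.getSigningCertFromJar(indexEntry))`, only proves that some certificate signed the entry, not that it is the local repo key, so a signer that picked the wrong key would still pass. Assuming that method returns a `Certificate`, compare it with `localCert`, e.g. `assertEquals(Utils.calcFingerprint(localCert), Utils.calcFingerprint(RepoUpdater.getSigningCertFromJar(indexEntry)));`. Separately, `inputStream` and `jarFile` are never closed, the two temp files are never deleted, and the result of `getResourceAsStream("smallRepo.xml")` is not checked for null; try-with-resources plus `assertNotNull(inputStream)` would make a missing resource fail with a clear message.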