diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index bc4265e..bd1a4c8 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -3001,28 +3001,35 @@ def signer_fingerprint(cert_encoded):
 def get_first_signer_certificate(apkpath):
 """Get the first signing certificate from the APK, DER-encoded."""
+ class FDict(dict):
+ def __setitem__(self, k, v):
+ if k not in self:
+ super().__setitem__(k, v)
+
 certs = None
 cert_encoded = None
- with zipfile.ZipFile(apkpath, 'r') as apk:
- cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
- if len(cert_files) > 1:
- logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
- return None
- elif len(cert_files) == 1:
- cert_encoded = get_certificate(apk.read(cert_files[0]))
-
- if not cert_encoded and use_androguard():
+ if use_androguard():
 apkobject = _get_androguard_APK(apkpath)
- certs = apkobject.get_certificates_der_v2()
+ apkobject._v2_blocks = FDict()
+ certs = apkobject.get_certificates_der_v3()
 if len(certs) > 0:
- logging.debug(_('Using APK Signature v2'))
+ logging.debug(_('Using APK Signature v3'))
 cert_encoded = certs[0]
 if not cert_encoded:
- certs = apkobject.get_certificates_der_v3()
+ certs = apkobject.get_certificates_der_v2()
 if len(certs) > 0:
- logging.debug(_('Using APK Signature v3'))
+ logging.debug(_('Using APK Signature v2'))
 cert_encoded = certs[0]
+ if not cert_encoded:
+ with zipfile.ZipFile(apkpath, 'r') as apk:
+ cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
+ if len(cert_files) > 1:
+ logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
+ return None
+ elif len(cert_files) == 1:
+ cert_encoded = get_certificate(apk.read(cert_files[0]))
+
 if not cert_encoded:
 logging.error(_("No signing certificates found in {path}").format(path=apkpath))
 return None
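Review bot: The `apkobject._v2_blocks = FDict()` line swaps a private androguard attribute for a first-write-wins dict without any comment, so neither the reason (which signing block is kept when an ID is repeated) nor the dependency on androguard internals is visible to the next maintainer. If a later androguard release renames or reassigns `_v2_blocks` while parsing, the override would presumably be dropped silently and certificate selection would fall back to the library's default behaviour. I would add a comment such as `# first-write-wins: keep the first signing block seen per ID; relies on androguard's private _v2_blocks`, and after `get_certificates_der_v3()` fail closed when `not isinstance(apkobject._v2_blocks, FDict)` by logging an error and returning None, as the other failure paths here do. Separately, the v1 JAR fallback still runs whenever the v3 and v2 lists come back empty or `use_androguard()` is false, which is worth confirming as intended for APKs that carry a v2/v3 signing block. The function continues past the end of the hunk.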