v3 APK verification: reset por signedData after verification. During the proof-of-rotation additional attribute parsing, each new certificate needs to be verified by the last. When doing this verification, the ByteBuffer position is advanced to its limit, but it needs to be read again to extract the certificate. Reset the signedData ByteBuffer to its original position. Bug: 64686581 Test: Builds, boots, v3 signed app with rotated cert installs. Change-Id: Ie95e4c7e99e3cfb9a987638a0c641456af2f34d9

commit: 6dbf837a3a74ea0aad15d3e4fb66a82e2161c9e7 [log] [tgz]
author: Dan Cashman <dcashman@google.com> Fri Jan 26 05:37:54 2018 -0800
committer: Dan Cashman <dcashman@google.com> Fri Jan 26 08:36:31 2018 -0800
tree: 39e50f9bcdcbee8695bfcd27b84eee154cf3094d
parent: 5bc5457ae5717147d162c2ddc5ffa02fa5a1bd20 [diff] [blame]
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java
index 1b04eb2..a17b04a 100644
--- a/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java
+++ b/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java

@@ -477,6 +477,7 @@
                     }
                 }
 
+                signedData.rewind();
                 byte[] encodedCert = readLengthPrefixedByteArray(signedData);
                 int signedSigAlgorithm = signedData.getInt();
                 if (lastCert != null && lastSigAlgorithm != signedSigAlgorithm) {
commit	6dbf837a3a74ea0aad15d3e4fb66a82e2161c9e7	[log] [tgz]
author	Dan Cashman <dcashman@google.com>	Fri Jan 26 05:37:54 2018 -0800
committer	Dan Cashman <dcashman@google.com>	Fri Jan 26 08:36:31 2018 -0800
tree	39e50f9bcdcbee8695bfcd27b84eee154cf3094d
parent	5bc5457ae5717147d162c2ddc5ffa02fa5a1bd20 [diff] [blame]