diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index bc4265e..bd1a4c8 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -3001,28 +3001,35 @@ def signer_fingerprint(cert_encoded):
def get_first_signer_certificate(apkpath):
"""Get the first signing certificate from the APK, DER-encoded."""
+ class FDict(dict):
+ def __setitem__(self, k, v):
+ if k not in self:
+ super().__setitem__(k, v)
+
certs = None
cert_encoded = None
- with zipfile.ZipFile(apkpath, 'r') as apk:
- cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
- if len(cert_files) > 1:
- logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
- return None
- elif len(cert_files) == 1:
- cert_encoded = get_certificate(apk.read(cert_files[0]))
-
- if not cert_encoded and use_androguard():
+ if use_androguard():
apkobject = _get_androguard_APK(apkpath)
- certs = apkobject.get_certificates_der_v2()
+ apkobject._v2_blocks = FDict()
+ certs = apkobject.get_certificates_der_v3()
if len(certs) > 0:
- logging.debug(_('Using APK Signature v2'))
+ logging.debug(_('Using APK Signature v3'))
cert_encoded = certs[0]
if not cert_encoded:
- certs = apkobject.get_certificates_der_v3()
+ certs = apkobject.get_certificates_der_v2()
if len(certs) > 0:
- logging.debug(_('Using APK Signature v3'))
+ logging.debug(_('Using APK Signature v2'))
cert_encoded = certs[0]
+ if not cert_encoded:
+ with zipfile.ZipFile(apkpath, 'r') as apk:
+ cert_files = [n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n)]
+ if len(cert_files) > 1:
+ logging.error(_("Found multiple JAR Signature Block Files in {path}").format(path=apkpath))
+ return None
+ elif len(cert_files) == 1:
+ cert_encoded = get_certificate(apk.read(cert_files[0]))
+
if not cert_encoded:
logging.error(_("No signing certificates found in {path}").format(path=apkpath))
return None