diff --git a/fdroidserver/common.py b/fdroidserver/common.py index 5f812206..699e03d4 100644 --- a/fdroidserver/common.py +++ b/fdroidserver/common.py @@ -3272,24 +3272,36 @@ def get_first_signer_certificate(apkpath): not (certs_v3 or certs_v2) and get_effective_target_sdk_version(apkobject) < 30 ): with zipfile.ZipFile(apkpath, 'r') as apk: - cert_files = [ - n for n in apk.namelist() if SIGNATURE_BLOCK_FILE_REGEX.match(n) + cert_infos = [ + i for i in apk.infolist() if SIGNATURE_BLOCK_FILE_REGEX.match(i.orig_filename) ] - if len(cert_files) > 1: + if len(cert_infos) > 1: logging.error( _("Found multiple JAR Signature Block Files in {path}").format( path=apkpath ) ) return - elif len(cert_files) == 1: - signature_block_file = cert_files[0] + elif len(cert_infos) == 1: + signature_block_info = cert_infos[0] + signature_block_file = cert_infos[0].orig_filename signature_file = ( - cert_files[0][: signature_block_file.rindex('.')] + '.SF' + signature_block_file[: signature_block_file.rindex('.')] + '.SF' ) + for info in apk.infolist(): + if info.orig_filename == signature_file: + signature_info = info + break + else: + logging.error( + _("Missing JAR Signature File in {path}").format( + path=apkpath + ) + ) + return cert_v1 = get_certificate( - apk.read(signature_block_file), - apk.read(signature_file), + apk.read(signature_block_info), + apk.read(signature_info), ) found_certs.append(cert_v1) if not cert_encoded: