feat: check signature version when buildType is add channel file to M…

…ETA-INF

README.md

@@ -39,7 +39,7 @@
 **Key Alias:** 密钥别名 <br/>
 **Key Password:** 密钥密码 <br/>
 
-**Zipalign Path:** zipalign文件的路径（用于优化 apk；zipalign 可以确保所有未压缩的数据均是以相对于文件开始部分的特定字节对齐开始，这样可减少应用消耗的 RAM 量。）<br/>
+**Zipalign Path:** zipalign 文件的路径（用于优化 apk；zipalign 可以确保所有未压缩的数据均是以相对于文件开始部分的特定字节对齐开始，这样可减少应用消耗的 RAM 量。）<br/>
 **Signer Version:** 选择签名版本：apksigner 和 jarsigner <br/>
 **Build Type:** 打包方式 <br/>
 
@@ -70,7 +70,8 @@
 同时替换 AndroidManifest.xml，最后重新签名。
 
 #### add channel file to META-INF
-复制1个 apk，然后直接添加空文件到其 META-INF 目录（不重新签名）。读取渠道：[ChannelHelper](https://gist.github.com/nukc/f777b54232be56f04171bcef56a627e1)
+复制1个 apk，先检查签名版本，如果未签名则进行签名（配置选择 jarsigner 则在渠道打包前签名，apksigner 则是添加空文件到其 META-INF 目录后再签名）。
+读取渠道：[ChannelHelper](https://gist.github.com/nukc/f777b54232be56f04171bcef56a627e1)
 
 #### write zip comment
 先判断选中的 apk 中 comment 是否含有 SIGN 字节，如果有则不进行渠道打包并提示；之后检查是否是 v2 签名，如果是 v2，则复制1个不带签名文件的 apk 到 temp 文件夹并重新签名为 v1，
@@ -79,10 +80,7 @@
 
 ## 以后要加的功能
 
-- 如果 buildType 选择美团方案在 META-INF 目录写入空文件:
-    - 自定义空文件名的前辍（目前是 ```c_```）
-    - 在打包之前先判断选中的apk是否已经签名，如果没有则先签名
-- 添加支持选择项目路径外的apk文件进行多渠道打包
+- 添加支持选择项目路径外的 apk 文件进行多渠道打包
 - buildType 添加支持美团新一代渠道包生成方式 Walle
 
 有什么问题欢迎大家在 [Issues](https://github.com/nukc/ApkMultiChannelPlugin/issues) 中提问
@@ -95,6 +93,7 @@
 - [apksigner](https://developer.android.com/studio/command-line/apksigner.html)
 - [packer-ng-plugin](https://github.com/mcxiaoke/packer-ng-plugin)
 - [新一代开源Android渠道包生成工具Walle](http://tech.meituan.com/android-apk-v2-signature-scheme.html)
+- [apksig](https://android.googlesource.com/platform/tools/apksig/)
 
 同时感谢 [dim](https://github.com/zzz40500) 和 [区长](https://github.com/lizhangqu) 的指点迷津。
 

signer/src/com/android/apksigner/core/ApkSignerEngine.java → apksig/src/com/android/apksig/ApkSignerEngine.java

@@ -14,27 +14,28 @@
  * limitations under the License.
  */
 
-package com.android.apksigner.core;
+package com.android.apksig;
 
+import com.android.apksig.apk.ApkFormatException;
+import com.android.apksig.util.DataSink;
+import com.android.apksig.util.DataSource;
 import java.io.Closeable;
 import java.io.IOException;
 import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.SignatureException;
 import java.util.List;
 
-import com.android.apksigner.core.util.DataSink;
-import com.android.apksigner.core.util.DataSource;
-
 /**
  * APK signing logic which is independent of how input and output APKs are stored, parsed, and
  * generated.
  *
  * <p><h3>Operating Model</h3>
  *
  * The abstract operating model is that there is an input APK which is being signed, thus producing
- * an output APK. In reality, there may be just an output APK being built from scratch, or the input APK and
- * the output APK may be the same file. Because this engine does not deal with reading and writing
- * files, it can handle all of these scenarios.
+ * an output APK. In reality, there may be just an output APK being built from scratch, or the input
+ * APK and the output APK may be the same file. Because this engine does not deal with reading and
+ * writing files, it can handle all of these scenarios.
  *
  * <p>The engine is stateful and thus cannot be used for signing multiple APKs. However, once
  * the engine signed an APK, the engine can be used to re-sign the APK after it has been modified.
@@ -88,7 +89,7 @@
  * documentation of each method about the deadlines for performing the tasks requested by the
  * method.
  *
- * <p><h3 id="incremental">Incremental Operation</h3>
+ * <p><h3 id="incremental">Incremental Operation</h3></a>
  *
  * The engine supports incremental operation where a signed APK is produced, then modified and
  * re-signed. This may be useful for IDEs, where an app is frequently re-signed after small changes
@@ -108,6 +109,8 @@
  * not invoked. In this mode, the engine has less control over output because it cannot request that
  * some JAR entries are not output. Nevertheless, the engine will attempt to make the output APK
  * signed and will report an error if cannot do so.
+ *
+ * @see <a href="https://source.android.com/security/apksigning/index.html">Application Signing</a>
  */
 public interface ApkSignerEngine extends Closeable {
 
@@ -118,9 +121,12 @@ public interface ApkSignerEngine extends Closeable {
      * @param apkSigningBlock APK signing block of the input APK. The provided data source is
      *        guaranteed to not be used by the engine after this method terminates.
      *
+     * @throws IOException if an I/O error occurs while reading the APK Signing Block
+     * @throws ApkFormatException if the APK Signing Block is malformed
      * @throws IllegalStateException if this engine is closed
      */
-    void inputApkSigningBlock(DataSource apkSigningBlock) throws IllegalStateException;
+    void inputApkSigningBlock(DataSource apkSigningBlock)
+            throws IOException, ApkFormatException, IllegalStateException;
 
     /**
      * Indicates to this engine that the specified JAR entry was encountered in the input APK.
@@ -176,19 +182,25 @@ InputJarEntryInstructions.OutputPolicy inputJarEntryRemoved(String entryName)
     /**
      * Indicates to this engine that all JAR entries have been output.
      *
-     *
      * @return request to add JAR signature to the output or {@code null} if there is no need to add
      *         a JAR signature. The request will contain additional JAR entries to be output. The
      *         request must be fulfilled before
      *         {@link #outputZipSections(DataSource, DataSource, DataSource)} is invoked.
      *
+     * @throws ApkFormatException if the APK is malformed in a way which is preventing this engine
+     *         from producing a valid signature. For example, if the engine uses the provided
+     *         {@code META-INF/MANIFEST.MF} as a template and the file is malformed.
+     * @throws NoSuchAlgorithmException if a signature could not be generated because a required
+     *         cryptographic algorithm implementation is missing
      * @throws InvalidKeyException if a signature could not be generated because a signing key is
      *         not suitable for generating the signature
-     * @throws SignatureException if an error occurred while generating the JAR signature
+     * @throws SignatureException if an error occurred while generating a signature
      * @throws IllegalStateException if there are unfulfilled requests, such as to inspect some JAR
      *         entries, or if the engine is closed
      */
-    OutputJarSignatureRequest outputJarEntries() throws InvalidKeyException, SignatureException;
+    OutputJarSignatureRequest outputJarEntries()
+            throws ApkFormatException, NoSuchAlgorithmException, InvalidKeyException,
+                    SignatureException, IllegalStateException;
 
     /**
      * Indicates to this engine that the ZIP sections comprising the output APK have been output.
@@ -207,16 +219,23 @@ InputJarEntryInstructions.OutputPolicy inputJarEntryRemoved(String entryName)
      *         {@link #outputDone()} is invoked.
      *
      * @throws IOException if an I/O error occurs while reading the provided ZIP sections
+     * @throws ApkFormatException if the provided APK is malformed in a way which prevents this
+     *         engine from producing a valid signature. For example, if the APK Signing Block
+     *         provided to the engine is malformed.
+     * @throws NoSuchAlgorithmException if a signature could not be generated because a required
+     *         cryptographic algorithm implementation is missing
      * @throws InvalidKeyException if a signature could not be generated because a signing key is
      *         not suitable for generating the signature
-     * @throws SignatureException if an error occurred while generating the APK's signature
+     * @throws SignatureException if an error occurred while generating a signature
      * @throws IllegalStateException if there are unfulfilled requests, such as to inspect some JAR
      *         entries or to output JAR signature, or if the engine is closed
      */
     OutputApkSigningBlockRequest outputZipSections(
             DataSource zipEntries,
             DataSource zipCentralDirectory,
-            DataSource zipEocd) throws IOException, InvalidKeyException, SignatureException;
+            DataSource zipEocd)
+                    throws IOException, ApkFormatException, NoSuchAlgorithmException,
+                            InvalidKeyException, SignatureException, IllegalStateException;
 
     /**
      * Indicates to this engine that the signed APK was output.